VMware

Spring Framework

72 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Warnung Exploit
  • EPSS 99.68%
  • Veröffentlicht 01.04.2022 23:15:13
  • Zuletzt bearbeitet 30.10.2025 19:56:43

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Sp...

  • EPSS 35.83%
  • Veröffentlicht 01.04.2022 23:15:13
  • Zuletzt bearbeitet 21.11.2024 06:47:40

n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.

  • EPSS 0.86%
  • Veröffentlicht 10.01.2022 14:10:16
  • Zuletzt bearbeitet 21.11.2024 05:49:31

In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects ag...

  • EPSS 1.27%
  • Veröffentlicht 28.10.2021 16:15:07
  • Zuletzt bearbeitet 21.11.2024 05:49:31

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.

  • EPSS 0.4%
  • Veröffentlicht 27.05.2021 15:15:07
  • Zuletzt bearbeitet 21.11.2024 05:49:32

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or ...

  • EPSS 10.74%
  • Veröffentlicht 19.09.2020 04:15:11
  • Zuletzt bearbeitet 21.11.2024 05:34:08

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jses...

Exploit
  • EPSS 2.38%
  • Veröffentlicht 17.01.2020 19:15:14
  • Zuletzt bearbeitet 21.11.2024 05:34:03

Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vul...

  • EPSS 88.08%
  • Veröffentlicht 17.01.2020 00:15:12
  • Zuletzt bearbeitet 21.11.2024 05:34:04

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response...

Exploit
  • EPSS 32.26%
  • Veröffentlicht 02.01.2020 23:15:11
  • Zuletzt bearbeitet 21.11.2024 02:42:50

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and auth...

  • EPSS 0.65%
  • Veröffentlicht 19.12.2018 22:29:00
  • Zuletzt bearbeitet 21.11.2024 03:51:28

Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that ...