CVE-2022-22965
- EPSS 99.68%
- Veröffentlicht 01.04.2022 23:15:13
- Zuletzt bearbeitet 30.10.2025 19:56:43
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Sp...
CVE-2022-22950
- EPSS 35.83%
- Veröffentlicht 01.04.2022 23:15:13
- Zuletzt bearbeitet 21.11.2024 06:47:40
n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
CVE-2021-22060
- EPSS 0.86%
- Veröffentlicht 10.01.2022 14:10:16
- Zuletzt bearbeitet 21.11.2024 05:49:31
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects ag...
CVE-2021-22096
- EPSS 1.27%
- Veröffentlicht 28.10.2021 16:15:07
- Zuletzt bearbeitet 21.11.2024 05:49:31
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.
CVE-2021-22118
- EPSS 0.4%
- Veröffentlicht 27.05.2021 15:15:07
- Zuletzt bearbeitet 21.11.2024 05:49:32
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or ...
CVE-2020-5421
- EPSS 10.74%
- Veröffentlicht 19.09.2020 04:15:11
- Zuletzt bearbeitet 21.11.2024 05:34:08
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jses...
CVE-2020-5397
- EPSS 2.38%
- Veröffentlicht 17.01.2020 19:15:14
- Zuletzt bearbeitet 21.11.2024 05:34:03
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vul...
CVE-2020-5398
- EPSS 88.08%
- Veröffentlicht 17.01.2020 00:15:12
- Zuletzt bearbeitet 21.11.2024 05:34:04
In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response...
CVE-2016-1000027
- EPSS 32.26%
- Veröffentlicht 02.01.2020 23:15:11
- Zuletzt bearbeitet 21.11.2024 02:42:50
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and auth...
CVE-2018-15801
- EPSS 0.65%
- Veröffentlicht 19.12.2018 22:29:00
- Zuletzt bearbeitet 21.11.2024 03:51:28
Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that ...