Information on source package libspring-java

Available versions

| Release | Version |
|---|---|
| jessie | 3.0.6.RELEASE-17+deb8u2 |
| stretch | 4.3.5-1+deb9u1 |
| buster | 4.3.22-4 |
| bullseye | 4.3.30-1 |
| bookworm | 4.3.30-2 |
| trixie | 4.3.30-2 |
| sid | 4.3.30-2 |

Open issues

| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-22971 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupp ... |
| CVE-2022-22970 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupp ... |
| CVE-2022-22968 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older ... |
| CVE-2022-22965 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | A Spring MVC or Spring WebFlux application running on JDK 9+ may be vu ... |
| CVE-2022-22950 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versi ... |
| CVE-2018-1272 | vulnerable (no DSA) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior t ... |
| CVE-2018-1257 | fixed | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior ... |
| CVE-2018-1199 | vulnerable (no DSA) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2. ... |
| CVE-2016-5007 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | fixed | Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2. ... |

Open unimportant issues

| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-38828 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | Spring MVC controller methods with an @RequestBody byte[] method parame ... |
| CVE-2024-38820 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder ... |
| CVE-2024-38816 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | Applications serving static resources through the functional web frame ... |
| CVE-2024-38809 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | Applications that parse ETags from "If-Match" or "If-None-Match" reque ... |
| CVE-2024-38808 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported vers ... |
| CVE-2024-38807 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | Applications that use spring-boot-loader or spring-boot-loader-classic a ... |
| CVE-2024-22262 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | Applications that use UriComponentsBuilder to parse an externally provi ... |
| CVE-2024-22259 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | Applications that use UriComponentsBuilder in Spring Framework to parse ... |
| CVE-2024-22243 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | Applications that use UriComponentsBuilder to parse an externally provi ... |
| CVE-2023-20863 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0 ... |
| CVE-2023-20861 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELE ... |
| CVE-2023-20860 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using ... |
| CVE-2021-22096 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older ... |
| CVE-2021-22060 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older ... |
| CVE-2020-5421 | vulnerable | vulnerable | vulnerable | fixed | fixed | fixed | fixed | In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5. ... |
| CVE-2016-1000027 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | Pivotal Spring Framework through 5.3.16 suffers from a potential remot ... |

Resolved issues

| Bug | Description |
|---|---|
| CVE-2024-22233 | In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a us ... |
| CVE-2023-34053 | In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user ... |
| CVE-2021-22118 | In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x ... |
| CVE-2020-5398 | In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x pri ... |
| CVE-2020-5397 | Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF ... |
| CVE-2018-15756 | Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, version ... |
| CVE-2018-11040 | Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3 ... |
| CVE-2018-11039 | Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior ... |
| CVE-2018-1275 | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior t ... |
| CVE-2018-1271 | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior t ... |
| CVE-2018-1270 | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior t ... |
| CVE-2016-9878 | An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2 ... |
| CVE-2015-5211 | Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4 ... |
| CVE-2015-3192 | Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not pro ... |
| CVE-2015-0201 | The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 ... |
| CVE-2014-3625 | Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 th ... |
| CVE-2014-3578 | Directory traversal vulnerability in Pivotal Spring Framework 3.x befo ... |
| CVE-2014-1904 | Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/Form ... |
| CVE-2014-0225 | When processing user provided XML documents, the Spring Framework 4.0. ... |
| CVE-2014-0097 | The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 ... |
| CVE-2014-0054 | The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Frame ... |
| CVE-2013-7315 | The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4 ... |
| CVE-2013-6430 | The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtil ... |
| CVE-2013-6429 | The SourceHttpMessageConverter in Spring MVC in Spring Framework befor ... |
| CVE-2013-4152 | The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, ... |

Security announcements

| DSA / DLA | Description |
|---|---|
| DLA-2635-1 | libspring-java - security update |
| ELA-408-1 | libspring-java - security update |
| DLA-1853-1 | libspring-java - security update |
| DSA-2890-1 | libspring-java - security update |
| DSA-2857-1 | libspring-java - several |
| DSA-2842-1 | libspring-java - several |
