Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
---|
CVE-2022-22971 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupp ... |
CVE-2022-22970 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupp ... |
CVE-2022-22968 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older ... |
CVE-2022-22965 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | A Spring MVC or Spring WebFlux application running on JDK 9+ may be vu ... |
CVE-2022-22950 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versi ... |
CVE-2018-1272 | vulnerable (no DSA) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior t ... |
CVE-2018-1257 | fixed | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior ... |
CVE-2018-1199 | vulnerable (no DSA) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2. ... |
CVE-2016-5007 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | fixed | Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2. ... |
Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
---|
CVE-2024-38828 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | Spring MVC controller methods with an @RequestBody byte[]method parame ... |
CVE-2024-38820 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | The fix for CVE-2022-22968 made disallowedFieldspatterns in DataBinder ... |
CVE-2024-38816 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | Applications serving static resources through the functional web frame ... |
CVE-2024-38809 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | Applications that parse ETags from "If-Match" or "If-None-Match" reque ... |
CVE-2024-38808 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported vers ... |
CVE-2024-38807 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | Applications that use spring-boot-loaderor spring-boot-loader-classica ... |
CVE-2024-22262 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | Applications that use UriComponentsBuilderto parse an externally provi ... |
CVE-2024-22259 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | Applications that use UriComponentsBuilder in Spring Frameworkto parse ... |
CVE-2024-22243 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | Applications that use UriComponentsBuilderto parse an externally provi ... |
CVE-2023-20863 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0 ... |
CVE-2023-20861 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELE ... |
CVE-2023-20860 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using ... |
CVE-2021-22096 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older ... |
CVE-2021-22060 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older ... |
CVE-2020-5421 | vulnerable | vulnerable | vulnerable | fixed | fixed | fixed | fixed | In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5. ... |
CVE-2016-1000027 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | Pivotal Spring Framework through 5.3.16 suffers from a potential remot ... |
Bug | Description |
---|
CVE-2024-22233 | In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a us ... |
CVE-2023-34053 | In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user ... |
CVE-2021-22118 | In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x ... |
CVE-2020-5398 | In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x pri ... |
CVE-2020-5397 | Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF ... |
CVE-2018-15756 | Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, version ... |
CVE-2018-11040 | Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3 ... |
CVE-2018-11039 | Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior ... |
CVE-2018-1275 | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior t ... |
CVE-2018-1271 | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior t ... |
CVE-2018-1270 | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior t ... |
CVE-2016-9878 | An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2 ... |
CVE-2015-5211 | Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4 ... |
CVE-2015-3192 | Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not pro ... |
CVE-2015-0201 | The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 ... |
CVE-2014-3625 | Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 th ... |
CVE-2014-3578 | Directory traversal vulnerability in Pivotal Spring Framework 3.x befo ... |
CVE-2014-1904 | Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/Form ... |
CVE-2014-0225 | When processing user provided XML documents, the Spring Framework 4.0. ... |
CVE-2014-0097 | The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 ... |
CVE-2014-0054 | The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Frame ... |
CVE-2013-7315 | The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4 ... |
CVE-2013-6430 | The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtil ... |
CVE-2013-6429 | The SourceHttpMessageConverter in Spring MVC in Spring Framework befor ... |
CVE-2013-4152 | The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, ... |