Spring Framework 安全漏洞

Spring Framework is a Spring open source application development framework. A security vulnerability exists in Spring Framework versions 6.2.0 through 6.2.11, 6.1.0 through 6.1.23, 6.0.x through 6.0.29, and 5.3.0 through 5.3.45, which stems from a possible security bypass in a STOMP over WebSocke...

Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.10.7 for Spring Boot release.

Red Hat build of Apache Camel 4.10.7 for Spring Boot patch release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

org.springframework/spring-core: Spring Framework Annotation Detection Vulnerability

The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions...

Security Bulletin: Multiple vulnerabilities in Spring may affect IBM Business Automation Workflow - CVE-2024-38820, CVE-2025-22233

Summary IBM Business Automation Workflow packages vulnerable copies of Spring framework. Vulnerability Details CVEID:CVE-2024-38820 DESCRIPTION: The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptio...

EUVD-2025-31861

A vulnerability was detected in code-projects E-Commerce Website 1.0. Impacted is an unknown function of the file /pages/editorderdetails.php. The manipulation of the argument orderid results in sql injection. The attack may be launched remotely. The exploit is now public and may be used...

Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by a vulnerability in spring-web-6.2.3.jar(CVE-2025-41234)

Summary IBM Sterling Connect:Direct Web Services is vulnerable to a reflected file download RFD attack in spring-web-6.2.3. This has been addressed in new fixpacks available from Fix Central. Vulnerability Details CVEID:CVE-2025-41234 DESCRIPTION: Description In Spring Framework, versions 6.0.x a...

EUVD-2018-0493

Malware in sbrugna...

EUVD-2018-0682

Malware in sbrugna...

EUVD-2021-0788

Malware in sbrugna...

EUVD-2018-0561

Malware in sbrugna...

EUVD-2018-0587

Malware in sbrugna...

EUVD-2021-16096

Malware in sbrugna...

EUVD-2018-0477

Malware in sbrugna...

EUVD-2018-0549

Malware in sbrugna...

EUVD-2018-0524

Malware in sbrugna...

EUVD-2018-0586

Malware in sbrugna...

EUVD-2018-0494

Malware in sbrugna...

EUVD-2020-0253

Malware in sbrugna...

EUVD-2018-0652

Malware in sbrugna...

Unity Linux 20.1070e Security Update: springframework (UTSA-2025-680594)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680594 advisory. n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a...