
1876 matches found

OpenVAS
added 2025/09/16 12:0 a.m., 8 views

VMware Spring Framework <= 5.3.44, 6.0.0 - 6.1.22, 6.2.0 - 6.2.10 Annotation Detection Vulnerability - Windows

The VMware Spring Framework is prone to an annotation detection vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 7.5, AI score 7, EPSS 0.0046
Exploits 0, References 2

Positive Technologies
added 2025/09/15 12:0 a.m., 3 views

PT-2025-37861

Name of the Vulnerable Software and Affected Versions Spring Framework affected versions not specified Description The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type. This can lead to an...

CVSS 7.8, AI score 7.3, EPSS 0.00433
Exploits 0, References 31

Positive Technologies
added 2025/09/15 12:0 a.m., 4 views

PT-2025-37862

Name of the Vulnerable Software and Affected Versions Spring Framework affected versions not specified Description The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type. This can lead to an...

CVSS 7.5, AI score 6.3, EPSS 0.0046
Exploits 0, References 33

Spring Security Advisories
added 2025/09/09 12:0 a.m., 6 views

This Week in Spring - September 9th, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! I am home, ensconced in my studio here in somewhat sunny San Francisco, California, relaxing and trying to catch up on stuff I missed. As always, there's a ton! So let's dive right into it. Some of the amazing features that...

AI score 6.8
Exploits 0

Spring Security Advisories
added 2025/09/09 12:0 a.m., 2 views

Core Spring Resilience Features: @ConcurrencyLimit, @Retryable, and RetryTemplate

This is the first blog post in the Road to GA series, highlighting major features within the Spring portfolio for the next major versions to be released in November of this year. Today we are proud to announce the new resilience features coming in Spring Framework 7.0: concurrency throttling and...

AI score 7.1
Exploits 0

Gitee
added 2025/09/06 10:17 p.m., 80 views

Exploit for Code Injection in Vmware Spring_Framework

No description...

CVSS 9.8, AI score 8.2, EPSS 0.99677
Exploits 100

IBM Security Bulletins
added 2025/09/03 4:55 a.m., 9 views

Security Bulletin: Vulnerabilities in dependencies affect IBM Common Licensing

Summary Security Vulnerabilities in dependencies affect IBM Common Licensing. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-38820 DESCRIPTION: The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase ha...

CVSS 8.8, AI score 7.9, EPSS 0.63258
Exploits 4, Affected Software 1

Spring Security Advisories
added 2025/09/02 12:0 a.m., 6 views

This Week in Spring - September 2nd, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm in Frankfurt, awaiting my flight to the Java-tastic Javazone 2025 event where I'll be joined by the legendary James Ward to deliver an AI-focused look at the latest-and-greatest in Spring! And I'm still recovering from th...

AI score 6.9
Exploits 0

Tenable Nessus
added 2025/09/01 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2025-41242

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring Framework MVC applications can be vulnerable to a Path Traversal Vulnerability when deployed on a non-compliant Servlet container. An application can be...

CVSS 5.9, AI score 6.6, EPSS 0.01916
Exploits 1, References 4

Tenable Nessus
added 2025/08/30 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2018-11039

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring Framework versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions allow web applications to change the HTTP request...

CVSS 5.9, AI score 6.2, EPSS 0.02781
Exploits 0, References 2

Tenable Nessus
added 2025/08/30 12:0 a.m., 9 views

Linux Distros Unpatched Vulnerability : CVE-2020-17510

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. CVE-2020-17510 Note that...

CVSS 9.8, AI score 8, EPSS 0.09056
Exploits 0, References 2

Tenable Nessus
added 2025/08/30 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-22060

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the...

CVSS 4.3, AI score 6.7, EPSS 0.01268
Exploits 0, References 3

Tenable Nessus
added 2025/08/30 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2020-5398

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a...

CVSS 8, AI score 7.1, EPSS 0.88077
Exploits 2, References 2

IBM Security Bulletins
added 2025/08/27 2:49 a.m., 6 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-context-6.2.5.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-context-6.2.5.jar Vulnerability Details CVEID:CVE-2025-22233 DESCRIPTION: CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter...

CVSS 5.3, AI score 8.4, EPSS 0.00631
Exploits 1, Affected Software 1

Tenable Nessus
added 2025/08/27 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2020-5397

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or...

CVSS 5.3, AI score 6.4, EPSS 0.02382
Exploits 1, References 2

Tenable Nessus
added 2025/08/27 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2018-11040

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain request...

CVSS 7.5, AI score 6.5, EPSS 0.03244
Exploits 0, References 2

Tenable Nessus
added 2025/08/27 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-20863

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Spring Framework versions prior to 5.2.24 release+, 5.3.27+ and 6.0.8+, it is possible for a user to provide a specially crafted SpEL expression that may...

CVSS 6.5, AI score 6.8, EPSS 0.01122
Exploits 0, References 3

IBM Security Bulletins
added 2025/08/26 5:23 p.m., 11 views

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to an issue in Spring Framework

Summary There is a vulnerability in Spring Framework used by Integrated Webservices in IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-41234 DESCRIPTION: Description In Spring...

CVSS 6.5, AI score 8.9, EPSS 0.00521
Exploits 0, Affected Software 1

Tenable Nessus
added 2025/08/26 12:0 a.m., 11 views

Linux Distros Unpatched Vulnerability : CVE-2025-22233

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, ther...

CVSS 5.3, AI score 6.7, EPSS 0.00631
Exploits 1, References 3

Tenable Nessus
added 2025/08/24 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2016-5007

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping...

CVSS 7.5, AI score 7.4, EPSS 0.02465
Exploits 0, References 2