VMware Spring CLI VSCode Extension 安全漏洞

VMware Spring CLI VSCode Extension is a Visual Studio Code add-in from VMware, Inc. A security vulnerability exists in VMware Spring CLI VSCode Extension that originates from command injection and could lead to the execution of commands on a user's machine...

This Week in Spring - January 13th, 2026

Hi, Spring fans, and welcome to another installment of This Week in Spring! It's the 13th of January, 2026, and it's been quite the week indeed! Let's dive right into it! Nobody, and I mean nobody , asked. So I put together a video on how to use Spring WS to build SOAP-based services in 2026. Hey...

CVE-2023-43961

An issue in Dromara SaToken version 1.3.50RC and before when using Spring dynamic controllers, a specially crafted request may cause an authentication bypass...

CVE-2023-29986

spring-boot-actuator-logview 0.2.13 allows Directory Traversal to sibling directories via LogViewEndpoint.view...

CVE-2021-22097

In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious java.util.Dictionary object that can cause 100%...

CVE-2021-22044

In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level @RequestMappingannotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to @RequestMapping-annotated interface methods...

CVE-2021-22053

Applications using both spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at /hystrix/monitor;user-provided data, the path elements following...

CVE-2021-22113

Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall...

CVE-2021-22047

In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for...

CVE-2022-31691

Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39.0 and below all use Snakeyaml library for YAML editing support. This library allows for some...

CVE-2020-12083

An elevated privileges issue related to Spring MVC calls impacts Code Insight v7.x releases up to and including 2020 R1 7.11.0-64...

ai.houyi:dorado (>=0.0.1 <=0.0.8), ai.houyi:dorado-core (>=0.0.11 <=0.0.51) +3600 more potentially affected by CVE-2025-70974 via com.alibaba:fastjson (>=1.1.15 <=1.2.47)

com.alibaba:fastjson MAVEN version =1.1.15, =0.0.1, =0.0.11, =0.0.16, =0.0.1, =0.0.14, =0.0.47, =0.0.14, =0.3.0, =3.0.0, =1.0.0, =1.0.1, =1.0.2 and more Source cves: CVE-2025-70974 Source advisory: OSV:GHSA-JM7W-5684-PVH8...

Security Bulletin: Data Binding Validation Bypass in Spring Framework, affects watsonx.data

Summary There are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Spring Framework: 6.2.0 - 6.2.6 6.1.0 - 6.1.19 6.0.0 - 6.0.27 5.3.0 - 5.3.42 Older, unsupported versions are also affected Mitigation Users of affected versions should...

Security Bulletin: IBM Controller is vulnerable to a Path Traversal vulnerability

Summary IBM Controller has addressed a Path Traversal vulnerability present in Spring Framework MVC applications Vulnerability Details CVEID:CVE-2025-41242 DESCRIPTION: Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servlet...

A Bootiful Podcast: Spring Security lead Rob Winchon Spring Security 7

Hi, Spring fans! In this installment, I have the privilege of sitting down and talking to the legendary Rob Winch, lead of Spring Security, Spring Session, and the amazing Testjars project...

Security Bulletin: vulerability in IBM Spectrum Symphony with spring webmvc

Summary vulerability in IBM Spectrum Symphony with spring webmvc Vulnerability Details CVEID:CVE-2025-41242 DESCRIPTION: Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servlet container. An application can be vulnerable whe...

Exploit for Deserialization of Untrusted Data in Vmware Spring_Framework

CVE-2016-1000027-with-c...

Atlassian Confluence 10.1.x< 10.1.1 (CONFSERVER-101485)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-101485 advisory. - The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized...

warehouse 授权问题漏洞

warehouse is a spring boot based logistics management system for small and medium-sized warehouses by yeqifu individual developers. There is an authorization issue vulnerability in warehouse, which originates from improper authorization of the function saveUserRole in the file...

warehouse 路径遍历漏洞

warehouse is a spring boot based logistics management system for small and medium sized warehouses by yeqifu individual developers. warehouse has a path traversal vulnerability, the vulnerability stems from the wrong operation of the parameter path in the file...