UBUNTU-CVE-2025-41242

Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servlet container. An application can be vulnerable when all the following are true: the application is deployed as a WAR or with an embedded Servlet container the Servlet...

CVE-2025-41242 CVE-2025-41242: Path traversal vulnerability on non-compliant Servlet containers

Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servlet container. An application can be vulnerable when all the following are true: the application is deployed as a WAR or with an embedded Servlet container the Servlet...

CVE-2025-41242

Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servlet container. An application can be vulnerable when all the following are true: the application is deployed as a WAR or with an embedded Servlet container the Servlet...

CVE-2025-41242 CVE-2025-41242: Path traversal vulnerability on non-compliant Servlet containers

Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servlet container. An application can be vulnerable when all the following are true: the application is deployed as a WAR or with an embedded Servlet container the Servlet...

CVE-2025-41242

CVE-2025-41242 is a path traversal vulnerability in Spring Framework MVC when deployed on a non‑compliant Servlet container. An app is at risk if it is WAR‑deployed or uses an embedded container, the container does not reject suspicious URI sequences, and the app serves static resources via Sprin...

Linux Distros Unpatched Vulnerability : CVE-2020-5421

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks...

Linux Distros Unpatched Vulnerability : CVE-2023-20860

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismat...

Linux Distros Unpatched Vulnerability : CVE-2024-22259

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL e.g. through a query parameter AND perform validation checks ...

VMware Spring Framework 安全漏洞

VMware Spring Framework is a set of open source Java, JavaEE application frameworks from VMware. The framework helps developers build high-quality applications. A security vulnerability exists in VMware Spring Framework that stems from a path traversal vulnerability on a non-compliant servlet...

Linux Distros Unpatched Vulnerability : CVE-2021-41303

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to...

Linux Distros Unpatched Vulnerability : CVE-2020-1957

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass. CVE-2020-195...

Linux Distros Unpatched Vulnerability : CVE-2025-41234

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Description In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download RFD attack when...

Relative Path Traversal

Overview org.springframework:spring-beans is a package that is the basis for Spring Framework's IoC container. The BeanFactory interface provides an advanced configuration mechanism capable of managing any type of object. Affected versions of this package are vulnerable to Relative Path Traversal...

A Bootiful Podcast: Architecture sage and Spring Modulith lead Oliver Drotbohm

Hi, Spring fans! In this installment I caught up with architecture guru and Spring Modulith founder and lead Oliver Drotbohm and we looked at some of the amazing possibilities in Spring Modulith 2.0, coming after Spring Framework 7.0 and Spring Boot 4.0 drop later this year!...

ai.ancf.lmos-router:lmos-router-hybrid-spring-boot-starter (=0.28.0), ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0) +21501 more potentially affected by CVE-2025-41242 via org.springframework:spring-beans (>=6.0.0 <=6.2.1)

org.springframework:spring-beans MAVEN version =6.0.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.1.0, =0.1.0, =0.11.0 - ai.djl.spring:djl-spring-boot-starter-autoconfigure =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-auto =0.26 -...

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +2850 more potentially affected by CVE-2025-55163 via io.netty:netty-codec-http2 (>=4.2.0.Alpha1 <=4.2.3.Final)

io.netty:netty-codec-http2 MAVEN version =4.2.0.Alpha1, =0.1.0, =0.1.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.1 and more Source cves: CVE-2025-55163 Source advisory: SNYK:JAVA-IONETTY-11799531...

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +2850 more potentially affected by CVE-2025-55163 via io.netty:netty-codec-http2 (>=4.2.0.Alpha1 <=4.2.3.Final)

io.netty:netty-codec-http2 MAVEN version =4.2.0.Alpha1, =0.1.0, =0.1.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.1 and more Source cves: CVE-2025-55163 Source advisory: OSV:GHSA-PRJ3-CCX8-P6X4...

app.cash.backfila:client-misk (>=0.1.0 <=2023.11.24.141218-0357917), app.cash.backfila:client-misk-dynamodb (>=0.1.3-20210127.1838-76ab4fc <=0.1.4-20210806.0204-5341f38) +1448 more potentially affected by CVE-2025-8916 via org.bouncycastle:bcprov-ext-jdk15on (>=1.49 <=1.70)

org.bouncycastle:bcprov-ext-jdk15on MAVEN version =1.49, =0.1.0, =0.1.3-20210127.1838-76ab4fc, =0.1.3-20210127.1838-76ab4fc, =0.1.3-20210805.0116-93702c4, =0.1.3-20210805.0116-93702c4, =0.1.0, =2023.06.07.114626-93b9d6f, =0.1.0, =0.1.4-20220614.0152-5ae0eef, =3.0.1, =2.10.0-11-1, =1.1.5, =1.0.2,...

com.baomidou:kisso (>=2.0 <=3.6.10), com.baomidou:spring-wind (>=1.0 <=1.1.4) +104 more potentially affected by CVE-2025-8916 via org.bouncycastle:bcprov-jdk14 (>=1.43 <=1.78.1)

org.bouncycastle:bcprov-jdk14 MAVEN version =1.43, =2.0, =1.0, =9.1.20, =0.1.1, =1.0.1.0.20180504134220, =1.5.4, =2.2, =2.0.1, =2.1.3 and more Source cves: CVE-2025-8916 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-11789693...

ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0), ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo (=0.1.0) +12656 more potentially affected by CVE-2025-8916 via org.bouncycastle:bcprov-jdk18on (>=1.71 <=1.78.1)

org.bouncycastle:bcprov-jdk18on MAVEN version =1.71, =0.2.0, =0.31.0, =0.5.0, =0.6.0, =0.5.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.8.7 and more Source cves: CVE-2025-8916 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-11789695...