6525 matches found

vulnersOsv
added 2025/05/16 9:32 p.m., 4 views

ai.optfor:spring-openai-api (>=0.1.3 <=0.3.25), ai.timefold.solver:timefold-solver-spring-boot-autoconfigure (>=1.0.0 <=1.4.0) +7517 more potentially affected by CVE-2025-22233 via org.springframework:spring-context (>=6.0.0 <=6.0.23)

org.springframework:spring-context MAVEN version =6.0.0, =0.1.3, =1.0.0, =1.0.0, =0.1.6, =0.0.2, =0.0.6, =0.0.6, =1.3.0, =4.6.18, =4.0.0, =1.0.0, =2.1.0.RELEASE, =2.1.2.RELEASE and more Source cves: CVE-2025-22233 Source advisory: OSV:GHSA-4WP7-92PW-Q264...

CVSS 3.1 | AI score 6.7 | EPSS 0.00083
Exploits: 0

vulnersOsv
added 2025/05/16 9:32 p.m., 2 views

ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +15299 more potentially affected by CVE-2025-22233 via org.springframework:spring-context (>=6.2.0 <=6.2.6)

org.springframework:spring-context MAVEN version =6.2.0, =0.1.0, =0.1.0, =0.114.0, =0.114.0, =0.114.0, =0.114.0, =0.5.0, =0.8.0, =0.9.0 - ai.astraform:remote-domain-author-kit-java =0.1.0 and more Source cves: CVE-2025-22233 Source advisory: OSV:GHSA-4WP7-92PW-Q264...

CVSS 3.1 | AI score 6.7 | EPSS 0.00083
Exploits: 0

Github Security Blog
added 2025/05/16 9:32 p.m., 18 views

Spring Framework DataBinder Case Sensitive Match Exception

CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Spring Framework: 6.2...

CVSS 5.3 | AI score 6.8 | EPSS 0.01514
Exploits: 1 | References: 6 | Affected Software: 1

OSV
added 2025/05/16 9:32 p.m., 2 views

GHSA-4WP7-92PW-Q264 Spring Framework DataBinder Case Sensitive Match Exception

CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Spring Framework: 6.2...

CVSS 3.1 | AI score 6.8 | EPSS 0.00083
Exploits: 0 | References: 6

OSV
added 2025/05/16 8:15 p.m., 5 views

DEBIAN-CVE-2025-22233

CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Spring Framework: 6.2...

CVSS 3.1 | AI score 6.3 | EPSS 0.00083
Exploits: 0 | References: 1

NVD
added 2025/05/16 8:15 p.m., 32 views

CVE-2025-22233

CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Spring Framework: 6.2...

CVSS 3.1 | EPSS 0.00083
Exploits: 0 | References: 1

OSV
added 2025/05/16 8:15 p.m., 21 views

CVE-2025-22233

CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Spring Framework: 6.2...

AI score 7.1
Exploits: 0 | References: 1

OSV
added 2025/05/16 8:15 p.m., 0 views

UBUNTU-CVE-2025-22233

CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Spring Framework: 6.2...

CVSS 3.1 | AI score 6.8 | EPSS 0.00083
Exploits: 0 | References: 3

IBM Security Bulletins
added 2025/05/16 7:23 p.m., 32 views

Security Bulletin: Vulnerabilities in Spring Boot, Spring Security and Spring Framework might affect IBM Storage Defender Copy Data Management.

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Spring Boot, Spring Security and Spring Framework. Vulnerabilities include an attacker could exploit this vulnerability to execute arbitrary code, obtain system and session information and cause a denial of...

CVSS 7.5 | AI score 10 | EPSS 0.00282
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/05/16 7:21 p.m., 25 views

Security Bulletin: Vulnerabilities in Pivota Spring Framework, VMware Tanzu Spring Framework, VMware Spring Framework might affect IBM Storage Defender Copy Data Management.

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Pivota Spring Framework, VMware Tanzu Spring Framework, VMware Spring Framework. Vulnerabilities include an attacker and remote attacker could exploit these vulnerabilities to execute arbitrary code on the...

CVSS 9.8 | AI score 8.8 | EPSS 0.63828
Exploits: 8 | Affected Software: 1

Vulnrichment
added 2025/05/16 7:14 p.m., 36 views

CVE-2025-22233 Spring Framework DataBinder Case Sensitive Match Exception

CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Spring Framework: 6.2...

CVSS 3.1 | AI score 7.1 | EPSS 0.00083
Exploits: 0 | References: 1

CVE
added 2025/05/16 7:14 p.m., 237 views

CVE-2025-22233

The CVE-2025-22233 entry refers to a vulnerability in Spring Framework where Locale-dependent lowercase conversion still allows bypassing disallowedFields checks in data binding. Affected products/versions include Spring Framework 6.2.0–6.2.6, 6.1.0–6.1.19, 6.0.0–6.0.27, and 5.3.0–5.3.42 (older v...

CVSS 3.1 | AI score 3.7 | EPSS 0.00083
Exploits: 0 | References: 1

Cvelist
added 2025/05/16 7:14 p.m., 34 views

CVE-2025-22233 Spring Framework DataBinder Case Sensitive Match Exception

CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Spring Framework: 6.2...

CVSS 3.1 | EPSS 0.00083
Exploits: 0 | References: 1

Debian CVE
added 2025/05/16 7:14 p.m., 31 views

CVE-2025-22233

CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Spring Framework: 6.2...

CVSS 3.1 | AI score 6.2 | EPSS 0.00083
Exploits: 0

CNNVD
added 2025/05/16 12:00 a.m., 2 views

VMware Spring Framework Input Validation Error Vulnerability

VMware Spring Framework is a set of open source Java, JavaEE application frameworks from VMware. The framework helps developers build high-quality applications. A security vulnerability exists in VMware Spring Framework versions 6.2.0 through 6.2.6, 6.1.0 through 6.1.19, 6.0.0 through 6.0.27, and...

CVSS 3.1 | AI score 6.1 | EPSS 0.00083
Exploits: 0 | References: 4

Positive Technologies
added 2025/05/16 12:00 a.m., 3 views

PT-2025-21751

Name of the Vulnerable Software and Affected Versions: Spring Framework versions 5.3.0 through 5.3.42 Spring Framework versions 6.0.0 through 6.0.27 Spring Framework versions 6.1.0 through 6.1.19 Spring Framework versions 6.2.0 through 6.2.6 Description: The issue concerns a bypass of disallowed...

CVSS 3.1 | AI score 7.8 | EPSS 0.00083
Exploits: 0 | References: 20

Spring Engineering
added 2025/05/15 12:00 a.m., 6 views

A Bootiful Podcast: Donald Raab on Eclipse Collections

Hi, Spring fans! In this edition, we talk to Eclipse Collections founder Donald Raab...

AI score 7.2
Exploits: 0

vulnersOsv
added 2025/05/15 12:00 a.m., 6 views

ai.ancf.lmos-router:lmos-router-hybrid-spring-boot-starter (=0.28.0), ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (=0.28.0) +11627 more potentially affected by CVE-2024-38820 +1 more via org.springframework:spring-context (>=6.1.0 <=6.1.2)

org.springframework:spring-context MAVEN version =6.1.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.1.0, =0.1.0, =0.11.0 - ai.djl.spring:djl-spring-boot-starter-autoconfigure =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-auto =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-linux-x8664...

CVSS 5.3 | AI score 6.7 | EPSS 0.01514
Exploits: 1

Snyk
added 2025/05/15 12:00 a.m., 6 views

Improper Handling of Case Sensitivity

Overview Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity due to an incomplete fix for CVE-2024-38820, where it is still possible to bypass the disallowedFields checks. Note: This vulnerability was also fixed in commercial versions 6.0.28 and 5.3.43...

CVSS 5.3 | AI score 7 | EPSS 0.01514
Exploits: 1 | References: 2

vulnersOsv
added 2025/05/15 12:00 a.m., 4 views

ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +15299 more potentially affected by CVE-2024-38820 +1 more via org.springframework:spring-context (>=6.2.0 <=6.2.6)

org.springframework:spring-context MAVEN version =6.2.0, =0.1.0, =0.1.0, =0.114.0, =0.114.0, =0.114.0, =0.114.0, =0.5.0, =0.8.0, =0.9.0 - ai.astraform:remote-domain-author-kit-java =0.1.0 and more Source cves: CVE-2024-38820, CVE-2025-22233 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-10176071...

CVSS 5.3 | AI score 6.7 | EPSS 0.01514
Exploits: 1