17 matches found
ROOT-APP-MAVEN-CVE-2026-40992 CVE-2026-40992 in io.root.org.springframework.boot:spring-boot-autoconfigure - Patched by Root
Root has patched CVE-2026-40992 in the io.root.org.springframework.boot:spring-boot-autoconfigure package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2023-20883 CVE-2023-20883 in io.root.org.springframework.boot:spring-boot-autoconfigure - Patched by Root
Root has patched CVE-2023-20883 in the io.root.org.springframework.boot:spring-boot-autoconfigure package for Root:Maven. Multiple fixed versions available...
Improper Validation of Certificate with Host Mismatch
Overview Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch via missing hostname verification in the auto-configuration. An attacker can impersonate a trusted mail server and intercept or manipulate SMTP communications because hostname...
Insecure Temporary File
Overview Affected versions of this package are vulnerable to Insecure Temporary File via the default data directory configuration in ArtemisEmbeddedConfigurationFactory. A local attacker can tamper with or redirect the embedded Artemis broker's data storage by pre-creating the predictable data...
Security Bulletin: Due to use of spring-boot-autoconfigure-3.5.13.jar, IBM Sterling Connect:Direct Web Services is vulnerable to not perform hostname verification.
Summary spring-boot-autoconfigure-3.5.13.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-40971, CVE-2026-40974. Vulnerability Details CVEID:CVE-2026-40971 DESCRIPTION: When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname...
Security Bulletin: IBM Sterling Control Center is affected by a vulnerability in spring-boot-autoconfigure (CVE-2026-40974)
Summary IBM Sterling Control Center is affected by a vulnerability CVE-2026-40974 reported for spring-boot-autoconfigure-3.4.11.jar. Vulnerability Details CVEID:CVE-2026-40974 DESCRIPTION: Spring Boot's Cassandra auto-configuration does not perform hostname verification when establishing an SSL...
Improper Validation of Certificate with Host Mismatch
Overview Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch when using an SSL bundle. This effectively weakens TLS by allowing connections without verifying the server identity classic MITM risk. Remediation Upgrade...
ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +17982 more potentially affected by CVE-2026-40971 via org.springframework.boot:spring-boot-autoconfigure (>=3.2.0 <=3.5.13)
org.springframework.boot:spring-boot-autoconfigure MAVEN version =3.2.0, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo =0.1.0 -...
ai.platon.pulsar:pulsar-agentic (>=4.5.0 <=4.6.0), ai.platon.pulsar:pulsar-boot (>=4.5.0 <=4.8.4) +5026 more potentially affected by CVE-2026-40971 via org.springframework.boot:spring-boot-autoconfigure (>=4.0.0-M1 <=4.0.5)
org.springframework.boot:spring-boot-autoconfigure MAVEN version =4.0.0-M1, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.7.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0-beta-2 and more Source cves: CVE-2026-40971 Source advisory:...
ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +20700 more potentially affected by CVE-2026-40974 via org.springframework.boot:spring-boot-autoconfigure (>=3.0.0 <=3.5.13)
org.springframework.boot:spring-boot-autoconfigure MAVEN version =3.0.0, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo =0.1.0 -...
ai.ancf.lmos:arc-runner (>=0.1.1 <=0.114.0), ai.ancf.lmos:lmos-operator (>=0.0.4 <=0.6.0) +4275 more potentially affected by CVE-2026-22733 via org.springframework.boot:spring-boot-actuator-autoconfigure (>=3.0.0 <=3.5.11)
org.springframework.boot:spring-boot-actuator-autoconfigure MAVEN version =3.0.0, =0.1.1, =0.0.4, =0.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.24, =1.0.27, =1.0.0, =1.0.0, =cloud-0.1, =0.0.1, =7.0.0, =7.2.0 and more Source cves: CVE-2026-22733 Source advisory:...
Denial Of Service (DoS)
spring-boot-autoconfigure is vulnerable to Denial Of Service DoS. The vulnerability is applicable when the application has Spring MVC auto-configuration enabled and uses the Spring Boot welcome page, which can be either static or templated, and the application is deployed behind a proxy which...
ai.ylyue:yue-library-base (=j11.2.6.2), ai.ylyue:yue-library-data-es (=j11.2.6.2) +3480 more potentially affected by CVE-2023-20883 via org.springframework.boot:spring-boot-autoconfigure (>=2.6.0 <=2.6.14)
org.springframework.boot:spring-boot-autoconfigure MAVEN version =2.6.0, =2.2.53, =0.23.9, =0.1.2, =5.7.0, =5.7.7, =5.7.0, =6.4.7 and more Source cves: CVE-2023-20883 Source advisory: OSV:GHSA-XF96-W227-R7C4...
ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.4.0.1), ai.djl.spring:djl-spring-boot-starter-autoconfigure (>=0.2 <=0.11) +26968 more potentially affected by CVE-2023-20883 via org.springframework.boot:spring-boot-autoconfigure (>=1.0.0.RELEASE <=2.5.14)
org.springframework.boot:spring-boot-autoconfigure MAVEN version =1.0.0.RELEASE, =4.4.0.0, =0.2, =0.2, =0.2, =0.2, =0.2, =0.2, =0.5, =0.0.12, =0.1.8, =0.1.6, =0.1.2, =0.0.6, =0.0.11, =0.0.51 and more Source cves: CVE-2023-20883 Source advisory: OSV:GHSA-XF96-W227-R7C4...
ai.timefold.solver:timefold-solver-spring-boot-autoconfigure (>=0.9.38 <=0.9.39), ai.timefold.solver:timefold-solver-spring-boot-starter (>=0.9.38 <=0.9.39) +3808 more potentially affected by CVE-2023-20883 via org.springframework.boot:spring-boot-autoconfigure (>=3.0.0 <=3.0.6)
org.springframework.boot:spring-boot-autoconfigure MAVEN version =3.0.0, =0.9.38, =0.9.38, =2.0.0, =3.0.0, =2.9.9, =0.25.3, =0.1.43, =0.1.65 - cc.vihackerframework:vihacker-annotation =1.0.8.R - cc.vihackerframework:vihacker-auth-starter =1.0.8.R - cc.vihackerframework:vihacker-common-starter...
ai.timefold.solver:timefold-solver-spring-boot-autoconfigure (>=0.8.38 <=0.8.39), ai.timefold.solver:timefold-solver-spring-boot-starter (>=0.8.38 <=0.8.39) +4744 more potentially affected by CVE-2023-20883 via org.springframework.boot:spring-boot-autoconfigure (>=2.7.0 <=2.7.11)
org.springframework.boot:spring-boot-autoconfigure MAVEN version =2.7.0, =0.8.38, =0.8.38, =v0.16.1, =v0.16.1, =v0.16.1, =1.0.0, =5.3.1, =2.2.94, =0.23.48, =0.1.13, =1.9, =1.10 - ca.uhn.hapi.fhir:hapi-fhir-spring-boot-autoconfigure =6.6.0 -...
io.github.talelin:lin-cms-spring-boot-autoconfigure (>=0.0.1-RC1 <=0.2.0-RELEASE), io.github.talelin:lin-cms-spring-boot-starter (>=0.0.1-RC1 <=0.2.0-RELEASE) potentially affected by CVE-2022-44244 via io.github.talelin:lin-cms-core (>=0.0.1-RC2 <=0.2.0-RELEASE)
io.github.talelin:lin-cms-core MAVEN version =0.0.1-RC2, =0.0.1-RC1, =0.0.1-RC1, =0.2.0-RELEASE Source cves: CVE-2022-44244 Source advisory: OSV:GHSA-4VRC-Q7M6-VQ7W...