ROOT-APP-MAVEN-CVE-2023-20883 CVE-2023-20883 in io.root.org.springframework.boot:spring-boot-autoconfigure - Patched by Root

Root has patched CVE-2023-20883 in the io.root.org.springframework.boot:spring-boot-autoconfigure package for Root:Maven. Multiple fixed versions available...

Security Bulletin: IBM Sterling Control Center is affected by a vulnerability in spring-boot-autoconfigure (CVE-2026-40974)

Summary IBM Sterling Control Center is affected by a vulnerability CVE-2026-40974 reported for spring-boot-autoconfigure-3.4.11.jar. Vulnerability Details CVEID:CVE-2026-40974 DESCRIPTION: Spring Boot's Cassandra auto-configuration does not perform hostname verification when establishing an SSL...

ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +17574 more potentially affected by CVE-2026-40971 via org.springframework.boot:spring-boot-autoconfigure (>=3.2.0 <=3.5.13)

org.springframework.boot:spring-boot-autoconfigure MAVEN version =3.2.0, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo =0.1.0 -...

ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +20270 more potentially affected by CVE-2026-40974 via org.springframework.boot:spring-boot-autoconfigure (>=3.0.0 <=3.5.13)

org.springframework.boot:spring-boot-autoconfigure MAVEN version =3.0.0, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo =0.1.0 -...

Improper Validation of Certificate with Host Mismatch

Overview Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch when using an SSL bundle. This effectively weakens TLS by allowing connections without verifying the server identity classic MITM risk. Remediation Upgrade...

ai.platon.pulsar:pulsar-agentic (>=4.5.0 <=4.6.0), ai.platon.pulsar:pulsar-boot (>=4.5.0 <=4.6.0) +4733 more potentially affected by CVE-2026-40971 via org.springframework.boot:spring-boot-autoconfigure (>=4.0.0-M1 <=4.0.5)

org.springframework.boot:spring-boot-autoconfigure MAVEN version =4.0.0-M1, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.7.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0-beta-2 and more Source cves: CVE-2026-40971 Source advisory:...

ai.ancf.lmos:arc-runner (>=0.1.1 <=0.114.0), ai.ancf.lmos:lmos-operator (>=0.0.4 <=0.6.0) +4205 more potentially affected by CVE-2026-22733 via org.springframework.boot:spring-boot-actuator-autoconfigure (>=3.0.0 <=3.5.11)

org.springframework.boot:spring-boot-actuator-autoconfigure MAVEN version =3.0.0, =0.1.1, =0.0.4, =0.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =cloud-0.1, =0.0.1, =7.0.0, =1.1.0, =2.3.0, =3.4.0 and more Source cves: CVE-2026-22733 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKBOOT-15701...

Denial Of Service (DoS)

spring-boot-autoconfigure is vulnerable to Denial Of Service DoS. The vulnerability is applicable when the application has Spring MVC auto-configuration enabled and uses the Spring Boot welcome page, which can be either static or templated, and the application is deployed behind a proxy which...

ai.ylyue:yue-library-base (=j11.2.6.2), ai.ylyue:yue-library-data-es (=j11.2.6.2) +3471 more potentially affected by CVE-2023-20883 via org.springframework.boot:spring-boot-autoconfigure (>=2.6.0 <=2.6.14)

org.springframework.boot:spring-boot-autoconfigure MAVEN version =2.6.0, =2.2.53, =0.23.9, =0.1.2, =5.7.0, =5.7.7, =5.7.0, =6.4.7 and more Source cves: CVE-2023-20883 Source advisory: OSV:GHSA-XF96-W227-R7C4...

ai.timefold.solver:timefold-solver-spring-boot-autoconfigure (>=0.8.38 <=0.8.39), ai.timefold.solver:timefold-solver-spring-boot-starter (>=0.8.38 <=0.8.39) +4743 more potentially affected by CVE-2023-20883 via org.springframework.boot:spring-boot-autoconfigure (>=2.7.0 <=2.7.11)

org.springframework.boot:spring-boot-autoconfigure MAVEN version =2.7.0, =0.8.38, =0.8.38, =v0.16.1, =v0.16.1, =v0.16.1, =1.0.0, =5.3.1, =2.2.94, =0.23.48, =0.1.13, =1.9, =1.10 - ca.uhn.hapi.fhir:hapi-fhir-spring-boot-autoconfigure =6.6.0 -...

ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.4.0.1), ai.djl.spring:djl-spring-boot-starter-autoconfigure (>=0.2 <=0.11) +26949 more potentially affected by CVE-2023-20883 via org.springframework.boot:spring-boot-autoconfigure (>=1.0.0.RELEASE <=2.5.14)

org.springframework.boot:spring-boot-autoconfigure MAVEN version =1.0.0.RELEASE, =4.4.0.0, =0.2, =0.2, =0.2, =0.2, =0.2, =0.2, =0.5, =0.0.12, =0.1.8, =0.1.6, =0.1.2, =0.0.6, =0.0.11, =0.0.51 and more Source cves: CVE-2023-20883 Source advisory: OSV:GHSA-XF96-W227-R7C4...

ai.timefold.solver:timefold-solver-spring-boot-autoconfigure (>=0.9.38 <=0.9.39), ai.timefold.solver:timefold-solver-spring-boot-starter (>=0.9.38 <=0.9.39) +3806 more potentially affected by CVE-2023-20883 via org.springframework.boot:spring-boot-autoconfigure (>=3.0.0 <=3.0.6)

org.springframework.boot:spring-boot-autoconfigure MAVEN version =3.0.0, =0.9.38, =0.9.38, =2.0.0, =3.0.0, =2.9.9, =0.25.3, =0.1.43, =0.1.65 - cc.vihackerframework:vihacker-annotation =1.0.8.R - cc.vihackerframework:vihacker-auth-starter =1.0.8.R - cc.vihackerframework:vihacker-common-starter...

io.github.talelin:lin-cms-spring-boot-autoconfigure (>=0.0.1-RC1 <=0.2.0-RELEASE), io.github.talelin:lin-cms-spring-boot-starter (>=0.0.1-RC1 <=0.2.0-RELEASE) potentially affected by CVE-2022-44244 via io.github.talelin:lin-cms-core (>=0.0.1-RC2 <=0.2.0-RELEASE)

io.github.talelin:lin-cms-core MAVEN version =0.0.1-RC2, =0.0.1-RC1, =0.0.1-RC1, =0.2.0-RELEASE Source cves: CVE-2022-44244 Source advisory: OSV:GHSA-4VRC-Q7M6-VQ7W...