113 matches found
ROOT-APP-MAVEN-CVE-2026-22741 CVE-2026-22741 in io.root.org.springframework:spring-webmvc - Patched by Root
Root has patched CVE-2026-22741 in the io.root.org.springframework:spring-webmvc package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2023-20860 CVE-2023-20860 in io.root.org.springframework:spring-webmvc - Patched by Root
Root has patched CVE-2023-20860 in the io.root.org.springframework:spring-webmvc package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2025-41242 CVE-2025-41242 in io.root.org.springframework:spring-webmvc - Patched by Root
Root has patched CVE-2025-41242 in the io.root.org.springframework:spring-webmvc package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2024-38828 CVE-2024-38828 in io.root.org.springframework:spring-webmvc - Patched by Root
Root has patched CVE-2024-38828 in the io.root.org.springframework:spring-webmvc package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-22737 CVE-2026-22737 in io.root.org.springframework:spring-webmvc - Patched by Root
Root has patched CVE-2026-22737 in the io.root.org.springframework:spring-webmvc package for Root:Maven. Multiple fixed versions available...
CVE-2026-47825
Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway Servers. Affected versions: Spring Cloud Gateway 3.1.x fix 3.1.13. Spring Cloud Gateway 4.1.x fix 4.1.13. Spri...
PT-2026-49468
Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway Servers. Affected versions: Spring Cloud Gateway 3.1.x fix 3.1.13. Spring Cloud Gateway 4.1.x fix 4.1.13. Spri...
Access Control Bypass
Overview org.springframework.data:spring-data-rest-webmvc is a maven plugin for Spring Data REST - WebMVC. Affected versions of this package are vulnerable to Access Control Bypass in the Querydsl integration, which accepts arbitrary persistent property paths as request-parameter filter keys...
Open Redirect
Overview org.springframework:spring-webmvc is a package that provides Model-View-Controller MVC architecture and ready components that can be used to develop flexible and loosely coupled web applications. Affected versions of this package are vulnerable to Open Redirect via view resolution for "/...
Cross-site Scripting (XSS)
Overview org.springframework:spring-webmvc is a package that provides Model-View-Controller MVC architecture and ready components that can be used to develop flexible and loosely coupled web applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS via...
Allocation of Resources Without Limits or Throttling
Overview org.springframework:spring-webmvc is a package that provides Model-View-Controller MVC architecture and ready components that can be used to develop flexible and loosely coupled web applications. Affected versions of this package are vulnerable to Allocation of Resources Without Limits o...
Security Bulletin: Due to use of spring-webmvc-6.2.17.jar, IBM Sterling Connect:Direct Web Services is vulnerable to cache poisoning when resolving static resources.
Summary spring-webmvc-6.2.17.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-22741. Vulnerability Details CVEID:CVE-2026-22741 DESCRIPTION: Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be...
Security Bulletin: Maximo AI Service uses uuid-11.1.0.tgz and spring-webmvc-6.2.17.jar which are vulnerable to CVE-2026-41988 and CVE-2026-22741.
Summary Maximo AI Service uses uuid-11.1.0.tgz and spring-webmvc-6.2.17.jar which are vulnerable to CVE-2026-41988 and CVE-2026-22741. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-22741 DESCRIPTION: Spring MVC and WebFlux...
ai.platon.pulsar:pulsar-e2e-tests (>=4.5.0 <=4.6.0), ai.platon.pulsar:pulsar-it-tests (>=4.5.0 <=4.7.4) +1834 more potentially affected by CVE-2026-22741 via org.springframework:spring-webmvc (>=7.0.0 <=7.0.6)
org.springframework:spring-webmvc MAVEN version =7.0.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =2.0.0, =2.0.0, =0.1.1, =0.2.0, =0.5.0, =0.7.0, =0.5.0, =0.5.0, =0.7.5 and more Source cves: CVE-2026-22741 Source advisory: OSV:GHSA-WG35-8JPF-2XV3...
ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (=0.28.0), ai.ancf.lmos:lmos-operator (>=0.0.4 <=0.4.0) +4607 more potentially affected by CVE-2026-22741 via org.springframework:spring-webmvc (>=6.1.0 <=6.1.21)
org.springframework:spring-webmvc MAVEN version =6.1.0, =0.0.4, =0.5.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.7.5, =0.8.3, =0.7.0, =0.5.0, =0.5.0, =0.5.0, =cloud-0.1, =cloud-0.2.1 and more Source cves: CVE-2026-22741 Source advisory: OSV:GHSA-WG35-8JPF-2XV3...
RPD:bmc-rpd (=1.1), aendter.jenkins.plugins:filesystem-list-parameter-plugin (>=0.0.1 <=0.0.6) +25531 more potentially affected by CVE-2026-22741 via org.springframework:spring-webmvc (>=1.2.1 <=5.3.4)
org.springframework:spring-webmvc MAVEN version =1.2.1, =0.0.1, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =4.4.0.0, =0.0.12, =0.1.15 and more Source cves: CVE-2026-22741 Source advisory: OSV:GHSA-WG35-8JPF-2XV3...
ai.ancf.lmos:lmos-operator (>=0.5.0 <=0.6.0), ai.telosforge:kimaira-starter-dms (>=1.2.4 <=1.2.6) +5089 more potentially affected by CVE-2026-22745 via org.springframework:spring-webmvc (>=6.2.0 <=6.2.17)
org.springframework:spring-webmvc MAVEN version =6.2.0, =0.5.0, =1.2.4, =1.2.4, =1.17.0, =0.3.0, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =8.6.0, =8.6.0, =8.6.0, =8.6.0, =8.6.0, =8.8.1 and more Source cves: CVE-2026-22745 Source advisory: OSV:GHSA-6P4F-WCWH-5VVM...
ai.platon.pulsar:pulsar-e2e-tests (>=4.5.0 <=4.6.0), ai.platon.pulsar:pulsar-it-tests (>=4.5.0 <=4.7.4) +1834 more potentially affected by CVE-2026-22745 via org.springframework:spring-webmvc (>=7.0.0 <=7.0.6)
org.springframework:spring-webmvc MAVEN version =7.0.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =2.0.0, =2.0.0, =0.1.1, =0.2.0, =0.5.0, =0.7.0, =0.5.0, =0.5.0, =0.7.5 and more Source cves: CVE-2026-22745 Source advisory: OSV:GHSA-6P4F-WCWH-5VVM...
RPD:bmc-rpd (=1.1), aendter.jenkins.plugins:filesystem-list-parameter-plugin (>=0.0.1 <=0.0.6) +25531 more potentially affected by CVE-2026-22745 via org.springframework:spring-webmvc (>=1.2.1 <=5.3.4)
org.springframework:spring-webmvc MAVEN version =1.2.1, =0.0.1, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =4.4.0.0, =0.0.12, =0.1.15 and more Source cves: CVE-2026-22745 Source advisory: OSV:GHSA-6P4F-WCWH-5VVM...
ai.ancf.lmos:lmos-operator (>=0.5.0 <=0.6.0), ai.telosforge:kimaira-starter-dms (>=1.2.4 <=1.2.6) +5089 more potentially affected by CVE-2026-22741 via org.springframework:spring-webmvc (>=6.2.0 <=6.2.17)
org.springframework:spring-webmvc MAVEN version =6.2.0, =0.5.0, =1.2.4, =1.2.4, =1.17.0, =0.3.0, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =8.6.0, =8.6.0, =8.6.0, =8.6.0, =8.6.0, =8.8.1 and more Source cves: CVE-2026-22741 Source advisory: OSV:GHSA-WG35-8JPF-2XV3...