Lucene search
+L
BroadcomSpring Data Commons3.4.0

4 matches found

CVE
CVE
added 2026/06/09 11:48 p.m.77 views

CVE-2026-41716

CVE-2026-41716 affects Spring Data Commons (versions 2.7.0–2.7.19; 3.3.0–3.3.16; 3.4.0–3.4.14; 3.5.0–3.5.11; 4.0.0–4.0.5). The issue is in Spring Data’s internal property-lookup cache, which accepts and permanently retains attacker-supplied strings as cache keys, enabling heap exhaustion through ...

7.5CVSS5.5AI score0.00363EPSS
CVE
CVE
added 2026/06/09 11:48 p.m.70 views

CVE-2026-41721

Spring Data Commons vulnerability (CVE-2026-41721) can cause a Denial of Service when Spring Data Web Support is enabled and a controller uses @ProjectedPayload; a specially crafted HTTP request may cause excessive memory allocation. Affected versions include Spring Data Commons 4.0.0–4.0.5; 3.5....

5.9CVSS5.5AI score0.00331EPSS
CVE
CVE
added 2026/06/09 11:47 p.m.65 views

CVE-2026-41695

Spring Data Commons contains a Denial of Service risk (CVE-2026-41695) caused by resource exhaustion during property path resolution in MappingContext. Affected versions are Spring Data Commons 4.0.0–4.0.5; 3.5.0–3.5.11; 3.4.0–3.4.14. The provided documents describe the issue and affected release...

7.5CVSS5.4AI score0.00363EPSS
CVE
CVE
added 2026/06/09 11:48 p.m.51 views

CVE-2026-41711

Summary: CVE-2026-41711 affects Spring Data Commons and can cause a Denial of Service via a StackOverflowException when parsing Sort parameters. Affected versions include 4.0.0–4.0.5; 3.5.0–3.5.11; 3.4.0–3.4.14; 3.3.0–3.3.16; 3.2.0–3.2.15; 3.1.0–3.1.14; 3.0.0–3.0.15; 2.7.0–2.7.19. The provided do...

5.9CVSS5.4AI score0.0028EPSS