Spring Boot Security Vulnerabilities and Issues — Spring Boot CVE List

Lucene search

VmwareSpring Boot

8 matches found

CVE•added 2022/03/30 6:15 p.m.•242 views

CVE-2022-27772

spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that a...

7.8CVSS7.5AI score0.01074EPSS

CVE•added 2023/05/26 5:15 p.m.•242 views

CVE-2023-20883

In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache.

7.5CVSS7.4AI score0.00199EPSS

CVE•added 2023/04/20 9:15 p.m.•197 views

CVE-2023-20873

In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users shou...

9.8CVSS9.2AI score0.00385EPSS

CVE•added 2018/01/04 6:29 a.m.•181 views

CVE-2017-8046

Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.

9.8CVSS9.2AI score0.93602EPSS

CVE•added 2023/01/14 10:15 a.m.•151 views

CVE-2023-22602

When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot

7.5CVSS7.7AI score0.0014EPSS

CVE•added 2023/11/28 9:15 a.m.•120 views

CVE-2023-34055

In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring M...

6.5CVSS6.2AI score0.0029EPSS

CVE•added 2018/03/19 6:29 p.m.•69 views

CVE-2018-1196

Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "run_user" to overwrite and ta...

5.9CVSS5.6AI score0.00604EPSS

CVE•added 2021/03/15 10:15 p.m.•63 views

CVE-2021-26987

Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Remote Code Execution. All versions of Element Plug-in for vCenter Server, Management Services versio...

9.8CVSS9.5AI score0.0187EPSS