Spring Boot Security Vulnerabilities and Issues — Spring Boot CVE List

Lucene search

VmwareSpring Boot

3 matches found

CVE•added 2023/05/26 5:15 p.m.•258 views

CVE-2023-20883

In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache.

7.5CVSS7.4AI score0.00398EPSS

CVE•added 2022/03/30 6:15 p.m.•245 views

CVE-2022-27772

spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that a...

7.8CVSS7.5AI score0.01074EPSS

CVE•added 2023/01/14 10:15 a.m.•165 views

CVE-2023-22602

When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot

7.5CVSS7.7AI score0.0014EPSS