Spring Framework@* Security Vulnerabilities and Issues — Spring Framework@* CVE List

VmwareSpring Framework*

15 matches found

CVE•added 2022/04/01 10:17 p.m.•2461 views

CVE-2022-22965

CVE-2022-22965 (Spring4Shell) affects Spring Framework’s Spring MVC and Spring WebFlux when data binding is enabled in apps running on JDK 9+, with exploitation requiring Tomcat as WAR deployment. The issue is not exploited in Spring Boot executable jars. Vulnerable configurations are associated ...

9.8CVSS8.7AI score0.94439EPSS

In wildWeb

CVE•added 2022/04/01 10:17 p.m.•631 views

CVE-2022-22950

CVE-2022-22950 affects Spring Framework 5.3.0–5.3.16 and older unsupported versions, where a specially crafted SpEL expression may cause a Denial of Service. The connected advisories corroborate the DoS vector via Spring Expression language handling, and indicate a fix is available in newer branc...

6.5CVSS7.5AI score0.02461EPSS

CVE•added 2020/01/02 12:0 a.m.•552 views

CVE-2016-1000027

CVE-2016-1000027 involves remote code execution in Pivotal Spring Framework when deserializing untrusted data. Connected sources specify impact up to Spring Framework 5.3.16 (RCE via Java deserialization) and note that the vendor discourages untrusted-deserialization usage. Remediation guidance i...

9.8CVSS9.8AI score0.60417EPSS

CVE•added 2024/03/16 4:40 a.m.•441 views

CVE-2024-22259

CVE-2024-22259 affects Spring Framework’s UriComponentsBuilder when parsing an externally provided URL and validating its host, potentially enabling open redirect or SSRF if the URL is used after validation. The CVE has CVSS 3.1 base score 8.1 (HIGH). Connected advisories from Atlassian/Broadcom ...

8.1CVSS6AI score0.60124EPSS

CVE•added 2022/04/14 8:5 p.m.•290 views

CVE-2022-22968

CVE-2022-22968 affects Spring Framework where DataBinder’s disallowedFields patterns are case sensitive in versions 5.3.0–5.3.18, 5.2.0–5.2.20, and older unsupported releases. The issue means a field is not fully protected unless every first character (and nested path) is listed in both uppercase...

5.3CVSS5.4AI score0.2051EPSS

CVE•added 2020/09/19 3:45 a.m.•286 views

CVE-2020-5421

CVE-2020-5421 affects Spring Framework releases across multiple lines (5.2.x to 5.0.x, 4.3.x and older). The issue arises from improper input handling of the jsessionid path parameter, which may bypass RFD Protection and weaken security controls. Affected products reference VMware Tanzu Spring Fr...

8.7CVSS7.2AI score0.63828EPSS

CVE•added 2018/04/06 1:0 p.m.•270 views

CVE-2018-1270

Summary: CVE-2018-1270 affects Spring Framework versions 5.0.x before 5.0.5 and 4.3.x before 4.3.15 (and older unsupported) via the spring-messaging module, which can expose STOMP over WebSocket endpoints to a simple in-memory broker. A malicious actor can craft a message to the broker that leads...

9.8CVSS9.4AI score0.89352EPSS

Web

CVE•added 2018/06/25 3:0 p.m.•175 views

CVE-2018-11039

CVE-2018-11039 affects the Spring Framework, where the HiddenHttpMethodFilter in Spring MVC allows web apps to change the HTTP request method to any method (including TRACE). This can enable an attacker with an existing XSS vulnerability to escalate to an XST (Cross Site Tracing) attack. Affected...

5.9CVSS6.9AI score0.02602EPSS

CVE•added 2018/05/11 8:0 p.m.•139 views

CVE-2018-1257

CVE-2018-1257 affects Spring Framework: vulnerable in Spring Messaging when using an in-memory STOMP broker exposed via STOMP over WebSocket. A malicious user can craft a message to the broker that triggers a regular-expression denial of service. Affected versions are Spring Framework 5.0.x befor...

6.5CVSS7AI score0.01176EPSS

CVE•added 2018/06/25 3:0 p.m.•127 views

CVE-2018-11040

CVE-2018-11040 affects Spring Framework: 5.0.x before 5.0.7 and 4.3.x before 4.3.18 (and older unsupported versions). The issue arises because JSONP support can be enabled via JSONP parameters when MappingJackson2JsonView is configured, allowing cross-domain requests through AbstractJsonpResponse...

7.5CVSS8.3AI score0.06564EPSS

CVE•added 2026/04/29 11:32 a.m.•86 views

CVE-2026-22741

CVE-2026-22741 – cache poisoning in static resources (Spring MVC/WebFlux) . When an app uses Spring MVC/WebFlux with resource chain caching enabled and encoded resource resolution, and the resource cache is empty, an attacker can poison the cache by sending crafted requests with incorrect encodin...

3.1CVSS5.3AI score0.00083EPSS

CVE•added 2026/04/29 10:46 a.m.•66 views

CVE-2026-22740

The CVE-2026-22740 issue affects Spring Framework WebFlux multipart request handling. The root cause is cleanup of temporary files created for parts larger than 10 KB, which in some cases are not deleted after the request completes, enabling an attacker to exhaust disk space (Denial of Service). ...

6.5CVSS5.2AI score0.00061EPSS

CVE•added 2026/03/19 11:53 p.m.•49 views

CVE-2026-22737

CVE-2026-22737 affects Spring Framework components that render script template views via a Java scripting engine (e.g., JRuby, Jython) in Spring MVC and Spring WebFlux. The issue allows disclosure of content from files outside configured script template view locations due to the scripting engine ...

5.9CVSS5.7AI score0.00096EPSS

CVE•added 2026/04/29 11:35 a.m.•28 views

CVE-2026-22745

The vulnerability is in the Spring Framework’s static resource resolution when serving file-system backed resources in Spring MVC/WebFlux apps on Windows. Affected component: org.springframework:spring-core. Under the conditions that the app uses Spring MVC or Spring WebFlux, serves static resour...

5.3CVSS5.4AI score0.00067EPSS

CVE•added 2026/03/19 11:37 p.m.•24 views

CVE-2026-22735

CVE-2026-22735 affects Spring MVC and Spring WebFlux applications via Server-Sent Events (SSE) stream handling. Concrete details in the connected documents show impact on Spring Framework components: Spring Foundation versions 5.3.0–5.3.46, 6.1.0–6.1.25, 6.2.0–6.2.16, and 7.0.0–7.0.5 experience s...

2.6CVSS5.8AI score0.00092EPSS