Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.springframework/spring-webmvc@4.0.5.RELEASE
Type maven
Namespace org.springframework
Name spring-webmvc
Version 4.0.5.RELEASE
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 5.2.20.RELEASE
Latest_non_vulnerable_version 7.0.6
Affected_by_vulnerabilities
0
url VCID-9v66-xp9z-8kea
vulnerability_id VCID-9v66-xp9z-8kea
summary Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2015-0236.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-0236.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2015-0720.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-0720.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3625.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3625.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3625
reference_id
reference_type
scores
0
value 0.16987
scoring_system epss
scoring_elements 0.94992
published_at 2026-04-18T12:55:00Z
1
value 0.16987
scoring_system epss
scoring_elements 0.94945
published_at 2026-04-01T12:55:00Z
2
value 0.16987
scoring_system epss
scoring_elements 0.94954
published_at 2026-04-02T12:55:00Z
3
value 0.16987
scoring_system epss
scoring_elements 0.94956
published_at 2026-04-04T12:55:00Z
4
value 0.16987
scoring_system epss
scoring_elements 0.94959
published_at 2026-04-07T12:55:00Z
5
value 0.16987
scoring_system epss
scoring_elements 0.94967
published_at 2026-04-08T12:55:00Z
6
value 0.16987
scoring_system epss
scoring_elements 0.94971
published_at 2026-04-09T12:55:00Z
7
value 0.16987
scoring_system epss
scoring_elements 0.94976
published_at 2026-04-11T12:55:00Z
8
value 0.16987
scoring_system epss
scoring_elements 0.94977
published_at 2026-04-12T12:55:00Z
9
value 0.16987
scoring_system epss
scoring_elements 0.9498
published_at 2026-04-13T12:55:00Z
10
value 0.16987
scoring_system epss
scoring_elements 0.94988
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3625
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3625
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3625
5
reference_url https://github.com/spring-projects/spring-framework
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework
6
reference_url https://github.com/spring-projects/spring-framework/commit/161d3e3049f129e211f68a4e94b544e0f0d8384d
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/161d3e3049f129e211f68a4e94b544e0f0d8384d
7
reference_url https://github.com/spring-projects/spring-framework/commit/3f68cd633f03370d33c2603a6496e81273782601
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/3f68cd633f03370d33c2603a6496e81273782601
8
reference_url https://github.com/spring-projects/spring-framework/commit/9beae9ae4226c45cd428035dae81214439324676
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/9beae9ae4226c45cd428035dae81214439324676
9
reference_url https://github.com/spring-projects/spring-framework/commit/9cef8e3001ddd61c734281a7556efd84b6cc2755
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/9cef8e3001ddd61c734281a7556efd84b6cc2755
10
reference_url https://jira.spring.io/browse/SPR-12354
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jira.spring.io/browse/SPR-12354
11
reference_url https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3625
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3625
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1165936
reference_id 1165936
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1165936
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769698
reference_id 769698
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769698
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_framework:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:pivotal_software:spring_framework:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_framework:*:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*
17
reference_url https://bugzilla.redhat.com/CVE-2014-3625
reference_id CVE-2014-3625
reference_type
scores
url https://bugzilla.redhat.com/CVE-2014-3625
18
reference_url http://www.pivotal.io/security/cve-2014-3625
reference_id CVE-2014-3625
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.pivotal.io/security/cve-2014-3625
19
reference_url https://github.com/advisories/GHSA-hhm4-hwq6-3c6w
reference_id GHSA-hhm4-hwq6-3c6w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hhm4-hwq6-3c6w
20
reference_url https://access.redhat.com/errata/RHSA-2015:0234
reference_id RHSA-2015:0234
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:0234
21
reference_url https://access.redhat.com/errata/RHSA-2015:0235
reference_id RHSA-2015:0235
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:0235
22
reference_url https://access.redhat.com/errata/RHSA-2015:0236
reference_id RHSA-2015:0236
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:0236
23
reference_url https://access.redhat.com/errata/RHSA-2015:0720
reference_id RHSA-2015:0720
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:0720
24
reference_url https://usn.ubuntu.com/USN-4774-1/
reference_id USN-USN-4774-1
reference_type
scores
url https://usn.ubuntu.com/USN-4774-1/
fixed_packages
0
url pkg:maven/org.springframework/spring-webmvc@4.0.8
purl pkg:maven/org.springframework/spring-webmvc@4.0.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@4.0.8
1
url pkg:maven/org.springframework/spring-webmvc@4.0.8.RELEASE
purl pkg:maven/org.springframework/spring-webmvc@4.0.8.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cyjt-4vjn-mbc7
1
vulnerability VCID-fv26-nhx4-dqd3
2
vulnerability VCID-pb7f-yasx-17ag
3
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@4.0.8.RELEASE
2
url pkg:maven/org.springframework/spring-webmvc@4.1.2
purl pkg:maven/org.springframework/spring-webmvc@4.1.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@4.1.2
3
url pkg:maven/org.springframework/spring-webmvc@4.1.2.RELEASE
purl pkg:maven/org.springframework/spring-webmvc@4.1.2.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cyjt-4vjn-mbc7
1
vulnerability VCID-fv26-nhx4-dqd3
2
vulnerability VCID-pb7f-yasx-17ag
3
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@4.1.2.RELEASE
aliases CVE-2014-3625, GHSA-hhm4-hwq6-3c6w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9v66-xp9z-8kea
1
url VCID-cyjt-4vjn-mbc7
vulnerability_id VCID-cyjt-4vjn-mbc7
summary Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in org.springframework.boot:spring-boot-starter-webflux.
references
0
reference_url http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T17:52:10Z/
url http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html
1
reference_url http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T17:52:10Z/
url http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22965.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22965.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-22965
reference_id
reference_type
scores
0
value 0.94428
scoring_system epss
scoring_elements 0.99984
published_at 2026-04-04T12:55:00Z
1
value 0.94428
scoring_system epss
scoring_elements 0.99983
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-22965
4
reference_url https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T17:52:10Z/
url https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22965
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22965
6
reference_url https://github.com/spring-projects/spring-boot/releases/tag/v2.5.12
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-boot/releases/tag/v2.5.12
7
reference_url https://github.com/spring-projects/spring-boot/releases/tag/v2.6.6
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-boot/releases/tag/v2.6.6
8
reference_url https://github.com/spring-projects/spring-framework
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework
9
reference_url https://github.com/spring-projects/spring-framework/commit/002546b3e4b8d791ea6acccb81eb3168f51abb15
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/002546b3e4b8d791ea6acccb81eb3168f51abb15
10
reference_url https://github.com/spring-projects/spring-framework/releases/tag/v5.2.20.RELEASE
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/releases/tag/v5.2.20.RELEASE
11
reference_url https://github.com/spring-projects/spring-framework/releases/tag/v5.3.18
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/releases/tag/v5.3.18
12
reference_url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T17:52:10Z/
url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005
13
reference_url https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
14
reference_url https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement#suggested-workarounds
reference_id
reference_type
scores
url https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement#suggested-workarounds
15
reference_url https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T17:52:10Z/
url https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67
16
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22965
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22965
17
reference_url https://www.kb.cert.org/vuls/id/970766
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.kb.cert.org/vuls/id/970766
18
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T17:52:10Z/
url https://www.oracle.com/security-alerts/cpuapr2022.html
19
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T17:52:10Z/
url https://www.oracle.com/security-alerts/cpujul2022.html
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2070348
reference_id 2070348
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2070348
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22965
reference_id CVE-2022-22965
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-22965
22
reference_url https://tanzu.vmware.com/security/cve-2022-22965
reference_id CVE-2022-22965
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T17:52:10Z/
url https://tanzu.vmware.com/security/cve-2022-22965
23
reference_url https://github.com/advisories/GHSA-36p3-wjmg-h94x
reference_id GHSA-36p3-wjmg-h94x
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-36p3-wjmg-h94x
24
reference_url https://access.redhat.com/errata/RHSA-2022:1306
reference_id RHSA-2022:1306
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1306
25
reference_url https://access.redhat.com/errata/RHSA-2022:1333
reference_id RHSA-2022:1333
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1333
26
reference_url https://access.redhat.com/errata/RHSA-2022:1360
reference_id RHSA-2022:1360
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1360
27
reference_url https://access.redhat.com/errata/RHSA-2022:1378
reference_id RHSA-2022:1378
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1378
28
reference_url https://access.redhat.com/errata/RHSA-2022:1379
reference_id RHSA-2022:1379
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1379
29
reference_url https://access.redhat.com/errata/RHSA-2022:1626
reference_id RHSA-2022:1626
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1626
30
reference_url https://access.redhat.com/errata/RHSA-2022:1627
reference_id RHSA-2022:1627
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1627
31
reference_url https://usn.ubuntu.com/7165-1/
reference_id USN-7165-1
reference_type
scores
url https://usn.ubuntu.com/7165-1/
fixed_packages
0
url pkg:maven/org.springframework/spring-webmvc@5.2.20.RELEASE
purl pkg:maven/org.springframework/spring-webmvc@5.2.20.RELEASE
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@5.2.20.RELEASE
1
url pkg:maven/org.springframework/spring-webmvc@5.3.18
purl pkg:maven/org.springframework/spring-webmvc@5.3.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7x5d-wtf5-3kau
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@5.3.18
aliases CVE-2022-22965, GHSA-36p3-wjmg-h94x, GMS-2022-558, GMS-2022-559, GMS-2022-560, GMS-2022-561
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cyjt-4vjn-mbc7
2
url VCID-fv26-nhx4-dqd3
vulnerability_id VCID-fv26-nhx4-dqd3
summary Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:1320
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1320
1
reference_url https://access.redhat.com/errata/RHSA-2018:2669
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2669
2
reference_url https://access.redhat.com/errata/RHSA-2018:2939
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2939
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1271.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1271.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1271
reference_id
reference_type
scores
0
value 0.90599
scoring_system epss
scoring_elements 0.99615
published_at 2026-04-09T12:55:00Z
1
value 0.90599
scoring_system epss
scoring_elements 0.99616
published_at 2026-04-13T12:55:00Z
2
value 0.90599
scoring_system epss
scoring_elements 0.99617
published_at 2026-04-18T12:55:00Z
3
value 0.90599
scoring_system epss
scoring_elements 0.99613
published_at 2026-04-02T12:55:00Z
4
value 0.90599
scoring_system epss
scoring_elements 0.99614
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1271
5
reference_url https://github.com/spring-projects/spring-framework/commit/0e28bee0f155b9bf240b4bafc4646e4810cb23f
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-framework/commit/0e28bee0f155b9bf240b4bafc4646e4810cb23f
6
reference_url https://github.com/spring-projects/spring-framework/commit/0e28bee0f155b9bf240b4bafc4646e4810cb23f8
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/0e28bee0f155b9bf240b4bafc4646e4810cb23f8
7
reference_url https://github.com/spring-projects/spring-framework/commit/13356a7ee2240f740737c5c83bdccdacc30603a
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-framework/commit/13356a7ee2240f740737c5c83bdccdacc30603a
8
reference_url https://github.com/spring-projects/spring-framework/commit/13356a7ee2240f740737c5c83bdccdacc30603ab
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/13356a7ee2240f740737c5c83bdccdacc30603ab
9
reference_url https://github.com/spring-projects/spring-framework/commit/695bf2961feffd35b5560ccc982a2189dcca611
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-framework/commit/695bf2961feffd35b5560ccc982a2189dcca611
10
reference_url https://github.com/spring-projects/spring-framework/commit/695bf2961feffd35b5560ccc982a2189dcca611f
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/695bf2961feffd35b5560ccc982a2189dcca611f
11
reference_url https://github.com/spring-projects/spring-framework/commit/91b803a2310344d925e5d4b1709bbcea9037554
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-framework/commit/91b803a2310344d925e5d4b1709bbcea9037554
12
reference_url https://github.com/spring-projects/spring-framework/commit/91b803a2310344d925e5d4b1709bbcea90375548
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/91b803a2310344d925e5d4b1709bbcea90375548
13
reference_url https://github.com/spring-projects/spring-framework/commit/98ad23bef8e2e04143f8f5b201380543a8d8c0c
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-framework/commit/98ad23bef8e2e04143f8f5b201380543a8d8c0c
14
reference_url https://github.com/spring-projects/spring-framework/commit/98ad23bef8e2e04143f8f5b201380543a8d8c0c3
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/98ad23bef8e2e04143f8f5b201380543a8d8c0c3
15
reference_url https://github.com/spring-projects/spring-framework/commit/b9ebdaaf3710db473a2e1fec8641c316483a22a
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-framework/commit/b9ebdaaf3710db473a2e1fec8641c316483a22a
16
reference_url https://github.com/spring-projects/spring-framework/commit/b9ebdaaf3710db473a2e1fec8641c316483a22aa
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/b9ebdaaf3710db473a2e1fec8641c316483a22aa
17
reference_url https://github.com/spring-projects/spring-framework/commit/f046a066eceefa0799d1bc89bd6e1318f39bdf69
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/f046a066eceefa0799d1bc89bd6e1318f39bdf69
18
reference_url https://github.com/spring-projects/spring-framework/commit/f59ea610dfcf55cd0b42f6dd76a9b3dab0218aa
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-framework/commit/f59ea610dfcf55cd0b42f6dd76a9b3dab0218aa
19
reference_url https://github.com/spring-projects/spring-framework/commit/f59ea610dfcf55cd0b42f6dd76a9b3dab0218aaa
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/f59ea610dfcf55cd0b42f6dd76a9b3dab0218aaa
20
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2020.html
21
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
22
reference_url https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
23
reference_url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
24
reference_url http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
25
reference_url http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
26
reference_url http://www.securityfocus.com/bid/103699
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/103699
27
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1571050
reference_id 1571050
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1571050
28
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1271
reference_id CVE-2018-1271
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1271
29
reference_url https://pivotal.io/security/cve-2018-1271
reference_id CVE-2018-1271
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pivotal.io/security/cve-2018-1271
30
reference_url https://github.com/advisories/GHSA-g8hw-794c-4j9g
reference_id GHSA-g8hw-794c-4j9g
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-g8hw-794c-4j9g
fixed_packages
0
url pkg:maven/org.springframework/spring-webmvc@4.3.15.RELEASE
purl pkg:maven/org.springframework/spring-webmvc@4.3.15.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cyjt-4vjn-mbc7
1
vulnerability VCID-pht6-8af8-b3f2
2
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@4.3.15.RELEASE
1
url pkg:maven/org.springframework/spring-webmvc@5.0.5.RELEASE
purl pkg:maven/org.springframework/spring-webmvc@5.0.5.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cyjt-4vjn-mbc7
1
vulnerability VCID-pht6-8af8-b3f2
2
vulnerability VCID-u7kk-c6fm-judy
3
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@5.0.5.RELEASE
aliases CVE-2018-1271, GHSA-g8hw-794c-4j9g
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fv26-nhx4-dqd3
3
url VCID-pb7f-yasx-17ag
vulnerability_id VCID-pb7f-yasx-17ag
summary Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When a Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could lead to privilege escalation, for example, if the part content represents a username or user roles.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:1320
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1320
1
reference_url https://access.redhat.com/errata/RHSA-2018:2669
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2669
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1272.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1272.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1272
reference_id
reference_type
scores
0
value 0.02166
scoring_system epss
scoring_elements 0.84313
published_at 2026-04-11T12:55:00Z
1
value 0.02166
scoring_system epss
scoring_elements 0.84295
published_at 2026-04-09T12:55:00Z
2
value 0.02166
scoring_system epss
scoring_elements 0.8429
published_at 2026-04-08T12:55:00Z
3
value 0.02166
scoring_system epss
scoring_elements 0.84266
published_at 2026-04-04T12:55:00Z
4
value 0.02166
scoring_system epss
scoring_elements 0.84247
published_at 2026-04-02T12:55:00Z
5
value 0.02166
scoring_system epss
scoring_elements 0.84268
published_at 2026-04-07T12:55:00Z
6
value 0.02166
scoring_system epss
scoring_elements 0.84327
published_at 2026-04-18T12:55:00Z
7
value 0.02166
scoring_system epss
scoring_elements 0.84326
published_at 2026-04-16T12:55:00Z
8
value 0.02166
scoring_system epss
scoring_elements 0.84304
published_at 2026-04-13T12:55:00Z
9
value 0.02166
scoring_system epss
scoring_elements 0.84307
published_at 2026-04-12T12:55:00Z
10
value 0.02166
scoring_system epss
scoring_elements 0.84235
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1272
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1272
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1272
5
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/141286
reference_id
reference_type
scores
url https://exchange.xforce.ibmcloud.com/vulnerabilities/141286
6
reference_url https://github.com/spring-projects/spring-framework/commit/ab2410c754b67902f002bfcc0c3895bd7772d39
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/ab2410c754b67902f002bfcc0c3895bd7772d39
7
reference_url https://github.com/spring-projects/spring-framework/commit/e02ff3a0da50744b0980d5d665fd242eedea767
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/e02ff3a0da50744b0980d5d665fd242eedea767
8
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2020.html
9
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
10
reference_url https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
11
reference_url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
12
reference_url http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
13
reference_url http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
14
reference_url http://www.securityfocus.com/bid/103697
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/103697
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1564408
reference_id 1564408
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1564408
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895114
reference_id 895114
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895114
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1272
reference_id CVE-2018-1272
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1272
18
reference_url https://pivotal.io/security/cve-2018-1272
reference_id CVE-2018-1272
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://pivotal.io/security/cve-2018-1272
19
reference_url https://github.com/advisories/GHSA-4487-x383-qpph
reference_id GHSA-4487-x383-qpph
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-4487-x383-qpph
fixed_packages
0
url pkg:maven/org.springframework/spring-webmvc@4.3.15.RELEASE
purl pkg:maven/org.springframework/spring-webmvc@4.3.15.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cyjt-4vjn-mbc7
1
vulnerability VCID-pht6-8af8-b3f2
2
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@4.3.15.RELEASE
1
url pkg:maven/org.springframework/spring-webmvc@5.0.5.RELEASE
purl pkg:maven/org.springframework/spring-webmvc@5.0.5.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cyjt-4vjn-mbc7
1
vulnerability VCID-pht6-8af8-b3f2
2
vulnerability VCID-u7kk-c6fm-judy
3
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@5.0.5.RELEASE
aliases CVE-2018-1272, GHSA-4487-x383-qpph
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pb7f-yasx-17ag
4
url VCID-y3uz-etva-sufh
vulnerability_id VCID-y3uz-etva-sufh
summary
Improper Input Validation in Spring Framework
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against reflected file download (RFD) attacks from CVE-2015-5211 may be bypassed, depending on the browser used, through the use of a jsessionid path parameter.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5421.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5421.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-5421
reference_id
reference_type
scores
0
value 0.63828
scoring_system epss
scoring_elements 0.98431
published_at 2026-04-18T12:55:00Z
1
value 0.63828
scoring_system epss
scoring_elements 0.98432
published_at 2026-04-16T12:55:00Z
2
value 0.63828
scoring_system epss
scoring_elements 0.98427
published_at 2026-04-13T12:55:00Z
3
value 0.63828
scoring_system epss
scoring_elements 0.98424
published_at 2026-04-09T12:55:00Z
4
value 0.63828
scoring_system epss
scoring_elements 0.98423
published_at 2026-04-08T12:55:00Z
5
value 0.63828
scoring_system epss
scoring_elements 0.9842
published_at 2026-04-07T12:55:00Z
6
value 0.63828
scoring_system epss
scoring_elements 0.98417
published_at 2026-04-04T12:55:00Z
7
value 0.63828
scoring_system epss
scoring_elements 0.98414
published_at 2026-04-02T12:55:00Z
8
value 0.63828
scoring_system epss
scoring_elements 0.98412
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-5421
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5421
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5421
3
reference_url https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163@%3Ccommits.ambari.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163@%3Ccommits.ambari.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a@%3Cissues.ambari.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a@%3Cissues.ambari.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/r3589ed0d18edeb79028615080d5a0e8878856436bb91774a3196d9eb@%3Ccommits.pulsar.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3589ed0d18edeb79028615080d5a0e8878856436bb91774a3196d9eb@%3Ccommits.pulsar.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/r503e64b43a57fd68229cac4a869d1a9a2eac9e75f8719cad3a840211@%3Ccommits.pulsar.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r503e64b43a57fd68229cac4a869d1a9a2eac9e75f8719cad3a840211@%3Ccommits.pulsar.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b729ac5@%3Cissues.ambari.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b729ac5@%3Cissues.ambari.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/r7e6a213eea7f04fc6d9e3bd6eb8d68c4df92a22e956e95cb2c482865@%3Cissues.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r7e6a213eea7f04fc6d9e3bd6eb8d68c4df92a22e956e95cb2c482865@%3Cissues.hive.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf7ae33a@%3Cdev.ambari.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf7ae33a@%3Cdev.ambari.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/r918caad55dcc640a16753b00d8d6acb90b4e36de4b6156d0867246ec@%3Ccommits.pulsar.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r918caad55dcc640a16753b00d8d6acb90b4e36de4b6156d0867246ec@%3Ccommits.pulsar.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35ede81e1@%3Cdev.ambari.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35ede81e1@%3Cdev.ambari.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/ra889d95141059c6cbe77dd80249bb488ae53b274b5f3abad09d9511d@%3Cuser.ignite.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra889d95141059c6cbe77dd80249bb488ae53b274b5f3abad09d9511d@%3Cuser.ignite.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/raf7ca57033e537e4f9d7df7f192fa6968c1e49409b2348e08d807ccb@%3Cuser.ignite.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/raf7ca57033e537e4f9d7df7f192fa6968c1e49409b2348e08d807ccb@%3Cuser.ignite.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/rb18ed999153ef0f0cb7af03efe0046c42c7242fd77fbd884a75ecfdc@%3Ccommits.pulsar.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb18ed999153ef0f0cb7af03efe0046c42c7242fd77fbd884a75ecfdc@%3Ccommits.pulsar.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/rc9efaf6db98bee19db1bc911d0fa442287dac5cb229d4aaa08b6a13d@%3Cissues.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc9efaf6db98bee19db1bc911d0fa442287dac5cb229d4aaa08b6a13d@%3Cissues.hive.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/rd462a8b0dfab4c15e67c0672cd3c211ecd0e4f018f824082ed54f665@%3Cissues.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd462a8b0dfab4c15e67c0672cd3c211ecd0e4f018f824082ed54f665@%3Cissues.hive.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/re014a49d77f038ba70e5e9934d400af6653e8c9ac110d32b1254127e@%3Cdev.ranger.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re014a49d77f038ba70e5e9934d400af6653e8c9ac110d32b1254127e@%3Cdev.ranger.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/rf00d8f4101a1c1ea4de6ea1e09ddf7472cfd306745c90d6da87ae074@%3Cdev.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf00d8f4101a1c1ea4de6ea1e09ddf7472cfd306745c90d6da87ae074@%3Cdev.hive.apache.org%3E
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-5421
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-5421
20
reference_url https://security.netapp.com/advisory/ntap-20210513-0009
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210513-0009
21
reference_url https://security.netapp.com/advisory/ntap-20210513-0009/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210513-0009/
22
reference_url https://tanzu.vmware.com/security/cve-2020-5421
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://tanzu.vmware.com/security/cve-2020-5421
23
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
24
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
25
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2021.html
26
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
27
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
28
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
29
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1881158
reference_id 1881158
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1881158
30
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973381
reference_id 973381
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973381
31
reference_url https://github.com/advisories/GHSA-rv39-3qh7-9v7w
reference_id GHSA-rv39-3qh7-9v7w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rv39-3qh7-9v7w
fixed_packages
0
url pkg:maven/org.springframework/spring-webmvc@4.2.9.RELEASE
purl pkg:maven/org.springframework/spring-webmvc@4.2.9.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cyjt-4vjn-mbc7
1
vulnerability VCID-fv26-nhx4-dqd3
2
vulnerability VCID-pb7f-yasx-17ag
3
vulnerability VCID-pht6-8af8-b3f2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@4.2.9.RELEASE
1
url pkg:maven/org.springframework/spring-webmvc@4.3.28.RELEASE
purl pkg:maven/org.springframework/spring-webmvc@4.3.28.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cyjt-4vjn-mbc7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@4.3.28.RELEASE
2
url pkg:maven/org.springframework/spring-webmvc@4.3.29.RELEASE
purl pkg:maven/org.springframework/spring-webmvc@4.3.29.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cyjt-4vjn-mbc7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@4.3.29.RELEASE
3
url pkg:maven/org.springframework/spring-webmvc@5.0.18.RELEASE
purl pkg:maven/org.springframework/spring-webmvc@5.0.18.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cyjt-4vjn-mbc7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@5.0.18.RELEASE
4
url pkg:maven/org.springframework/spring-webmvc@5.0.19.RELEASE
purl pkg:maven/org.springframework/spring-webmvc@5.0.19.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cyjt-4vjn-mbc7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@5.0.19.RELEASE
5
url pkg:maven/org.springframework/spring-webmvc@5.1.17.RELEASE
purl pkg:maven/org.springframework/spring-webmvc@5.1.17.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cyjt-4vjn-mbc7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@5.1.17.RELEASE
6
url pkg:maven/org.springframework/spring-webmvc@5.1.18.RELEASE
purl pkg:maven/org.springframework/spring-webmvc@5.1.18.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cyjt-4vjn-mbc7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@5.1.18.RELEASE
7
url pkg:maven/org.springframework/spring-webmvc@5.2.8.RELEASE
purl pkg:maven/org.springframework/spring-webmvc@5.2.8.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cyjt-4vjn-mbc7
1
vulnerability VCID-dy4t-tm9m-rfex
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@5.2.8.RELEASE
8
url pkg:maven/org.springframework/spring-webmvc@5.2.9.RELEASE
purl pkg:maven/org.springframework/spring-webmvc@5.2.9.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cyjt-4vjn-mbc7
1
vulnerability VCID-dy4t-tm9m-rfex
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@5.2.9.RELEASE
aliases CVE-2020-5421, GHSA-rv39-3qh7-9v7w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y3uz-etva-sufh
Fixing_vulnerabilities
0
url VCID-53gt-nbgk-hyc2
vulnerability_id VCID-53gt-nbgk-hyc2
summary Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.
references
0
reference_url http://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000054.html
reference_id
reference_type
scores
url http://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000054.html
1
reference_url http://jvndb.jvn.jp/jvndb/JVNDB-2014-000054
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://jvndb.jvn.jp/jvndb/JVNDB-2014-000054
2
reference_url http://jvn.jp/en/jp/JVN49154900/index.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://jvn.jp/en/jp/JVN49154900/index.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2015-0720.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-0720.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3578.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3578.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3578
reference_id
reference_type
scores
0
value 0.04358
scoring_system epss
scoring_elements 0.88964
published_at 2026-04-18T12:55:00Z
1
value 0.04358
scoring_system epss
scoring_elements 0.88899
published_at 2026-04-01T12:55:00Z
2
value 0.04358
scoring_system epss
scoring_elements 0.88907
published_at 2026-04-02T12:55:00Z
3
value 0.04358
scoring_system epss
scoring_elements 0.88923
published_at 2026-04-04T12:55:00Z
4
value 0.04358
scoring_system epss
scoring_elements 0.88925
published_at 2026-04-07T12:55:00Z
5
value 0.04358
scoring_system epss
scoring_elements 0.88944
published_at 2026-04-08T12:55:00Z
6
value 0.04358
scoring_system epss
scoring_elements 0.88949
published_at 2026-04-09T12:55:00Z
7
value 0.04358
scoring_system epss
scoring_elements 0.8896
published_at 2026-04-11T12:55:00Z
8
value 0.04358
scoring_system epss
scoring_elements 0.88954
published_at 2026-04-12T12:55:00Z
9
value 0.04358
scoring_system epss
scoring_elements 0.88953
published_at 2026-04-13T12:55:00Z
10
value 0.04358
scoring_system epss
scoring_elements 0.88966
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3578
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1131882
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1131882
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3578
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3578
8
reference_url https://github.com/spring-projects/spring-framework
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework
9
reference_url https://github.com/spring-projects/spring-framework/commit/748167bfa33c3c69db2d8dbdc3a0e9da692da3a0
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/748167bfa33c3c69db2d8dbdc3a0e9da692da3a0
10
reference_url https://github.com/spring-projects/spring-framework/commit/8e096aeef55287dc829484996c9330cf755891a1
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-framework/commit/8e096aeef55287dc829484996c9330cf755891a1
11
reference_url https://github.com/spring-projects/spring-framework/commit/8ee465103850a3dca018273fe5952e40d5c45a66
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/8ee465103850a3dca018273fe5952e40d5c45a66
12
reference_url https://github.com/spring-projects/spring-framework/commit/c6503ebbf7c9e21ff022c58706dbac5417b2b5eb
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-framework/commit/c6503ebbf7c9e21ff022c58706dbac5417b2b5eb
13
reference_url https://github.com/spring-projects/spring-framework/commit/f6fddeb6eb7da625fd711ab371ff16512f431e8d
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/f6fddeb6eb7da625fd711ab371ff16512f431e8d
14
reference_url https://github.com/spring-projects/spring-framework/issues/16414
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/issues/16414
15
reference_url https://jira.spring.io/browse/SPR-12354
reference_id
reference_type
scores
url https://jira.spring.io/browse/SPR-12354
16
reference_url https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html
17
reference_url https://rhn.redhat.com/errata/RHSA-2015-0234.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://rhn.redhat.com/errata/RHSA-2015-0234.html
18
reference_url https://rhn.redhat.com/errata/RHSA-2015-0235.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://rhn.redhat.com/errata/RHSA-2015-0235.html
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760733
reference_id 760733
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760733
20
reference_url http://pivotal.io/security/cve-2014-3578
reference_id CVE-2014-3578
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://pivotal.io/security/cve-2014-3578
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3578
reference_id CVE-2014-3578
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3578
22
reference_url http://www.pivotal.io/security/cve-2014-3578
reference_id CVE-2014-3578
reference_type
scores
url http://www.pivotal.io/security/cve-2014-3578
23
reference_url https://github.com/advisories/GHSA-rhcg-rwhx-qj3j
reference_id GHSA-rhcg-rwhx-qj3j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rhcg-rwhx-qj3j
24
reference_url https://access.redhat.com/errata/RHSA-2015:0234
reference_id RHSA-2015:0234
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:0234
25
reference_url https://access.redhat.com/errata/RHSA-2015:0235
reference_id RHSA-2015:0235
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:0235
26
reference_url https://access.redhat.com/errata/RHSA-2015:0675
reference_id RHSA-2015:0675
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:0675
27
reference_url https://access.redhat.com/errata/RHSA-2015:0720
reference_id RHSA-2015:0720
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:0720
28
reference_url https://usn.ubuntu.com/USN-4774-1/
reference_id USN-USN-4774-1
reference_type
scores
url https://usn.ubuntu.com/USN-4774-1/
fixed_packages
0
url pkg:maven/org.springframework/spring-webmvc@3.2.9.RELEASE
purl pkg:maven/org.springframework/spring-webmvc@3.2.9.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9v66-xp9z-8kea
1
vulnerability VCID-cyjt-4vjn-mbc7
2
vulnerability VCID-fv26-nhx4-dqd3
3
vulnerability VCID-j3wr-npbv-8qcw
4
vulnerability VCID-pb7f-yasx-17ag
5
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@3.2.9.RELEASE
1
url pkg:maven/org.springframework/spring-webmvc@4.0.5.RELEASE
purl pkg:maven/org.springframework/spring-webmvc@4.0.5.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9v66-xp9z-8kea
1
vulnerability VCID-cyjt-4vjn-mbc7
2
vulnerability VCID-fv26-nhx4-dqd3
3
vulnerability VCID-pb7f-yasx-17ag
4
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@4.0.5.RELEASE
aliases CVE-2014-3578, GHSA-rhcg-rwhx-qj3j
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-53gt-nbgk-hyc2
1
url VCID-r384-aque-vqcw
vulnerability_id VCID-r384-aque-vqcw
summary When processing user-provided XML documents, Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable, by default, the resolution of URI references in a DTD declaration. This enabled XML External Entity (XXE) attacks.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0225.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0225.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0225
reference_id
reference_type
scores
0
value 0.00236
scoring_system epss
scoring_elements 0.46497
published_at 2026-04-12T12:55:00Z
1
value 0.00236
scoring_system epss
scoring_elements 0.46561
published_at 2026-04-18T12:55:00Z
2
value 0.00236
scoring_system epss
scoring_elements 0.46563
published_at 2026-04-16T12:55:00Z
3
value 0.00236
scoring_system epss
scoring_elements 0.46506
published_at 2026-04-13T12:55:00Z
4
value 0.00236
scoring_system epss
scoring_elements 0.46438
published_at 2026-04-01T12:55:00Z
5
value 0.00236
scoring_system epss
scoring_elements 0.46478
published_at 2026-04-02T12:55:00Z
6
value 0.00236
scoring_system epss
scoring_elements 0.46498
published_at 2026-04-04T12:55:00Z
7
value 0.00236
scoring_system epss
scoring_elements 0.46447
published_at 2026-04-07T12:55:00Z
8
value 0.00236
scoring_system epss
scoring_elements 0.46502
published_at 2026-04-09T12:55:00Z
9
value 0.00236
scoring_system epss
scoring_elements 0.46526
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0225
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0225
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0225
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0225
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0225
4
reference_url https://github.com/spring-projects/spring-framework/commit/44ee51a6c9c3734b3fcf9a20817117e86047d753
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/44ee51a6c9c3734b3fcf9a20817117e86047d753
5
reference_url https://github.com/spring-projects/spring-framework/commit/8e096aeef55287dc829484996c9330cf755891a1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/8e096aeef55287dc829484996c9330cf755891a1
6
reference_url https://github.com/spring-projects/spring-framework/commit/c6503ebbf7c9e21ff022c58706dbac5417b2b5eb
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/c6503ebbf7c9e21ff022c58706dbac5417b2b5eb
7
reference_url https://jira.spring.io/browse/SPR-11768
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://jira.spring.io/browse/SPR-11768
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1110110
reference_id 1110110
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1110110
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753470
reference_id 753470
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753470
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0225
reference_id CVE-2014-0225
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0225
11
reference_url https://pivotal.io/security/cve-2014-0225
reference_id CVE-2014-0225
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://pivotal.io/security/cve-2014-0225
12
reference_url http://www.gopivotal.com/security/cve-2014-0225
reference_id CVE-2014-0225
reference_type
scores
url http://www.gopivotal.com/security/cve-2014-0225
13
reference_url https://github.com/advisories/GHSA-f93f-g33r-8pcp
reference_id GHSA-f93f-g33r-8pcp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f93f-g33r-8pcp
14
reference_url https://access.redhat.com/errata/RHSA-2014:1351
reference_id RHSA-2014:1351
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:1351
15
reference_url https://usn.ubuntu.com/USN-4774-1/
reference_id USN-USN-4774-1
reference_type
scores
url https://usn.ubuntu.com/USN-4774-1/
fixed_packages
0
url pkg:maven/org.springframework/spring-webmvc@3.2.8
purl pkg:maven/org.springframework/spring-webmvc@3.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@3.2.8
1
url pkg:maven/org.springframework/spring-webmvc@3.2.8.RELEASE
purl pkg:maven/org.springframework/spring-webmvc@3.2.8.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-53gt-nbgk-hyc2
1
vulnerability VCID-9v66-xp9z-8kea
2
vulnerability VCID-cyjt-4vjn-mbc7
3
vulnerability VCID-fv26-nhx4-dqd3
4
vulnerability VCID-j3wr-npbv-8qcw
5
vulnerability VCID-pb7f-yasx-17ag
6
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@3.2.8.RELEASE
2
url pkg:maven/org.springframework/spring-webmvc@4.0.5
purl pkg:maven/org.springframework/spring-webmvc@4.0.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@4.0.5
3
url pkg:maven/org.springframework/spring-webmvc@4.0.5.RELEASE
purl pkg:maven/org.springframework/spring-webmvc@4.0.5.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9v66-xp9z-8kea
1
vulnerability VCID-cyjt-4vjn-mbc7
2
vulnerability VCID-fv26-nhx4-dqd3
3
vulnerability VCID-pb7f-yasx-17ag
4
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@4.0.5.RELEASE
aliases CVE-2014-0225, GHSA-f93f-g33r-8pcp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r384-aque-vqcw
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@4.0.5.RELEASE