Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.springframework/spring-web@4.2.9.RELEASE
Typemaven
Namespaceorg.springframework
Namespring-web
Version4.2.9.RELEASE
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.1.12
Latest_non_vulnerable_version6.2.8
Affected_by_vulnerabilities
0
url VCID-5ng1-3a32-cugs
vulnerability_id VCID-5ng1-3a32-cugs
summary 
Spring Framework URL Parsing with Host Validation
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a  open redirect https://cwe.mitre.org/data/definitions/601.html  attack or to a SSRF attack if the URL is used after passing validation checks.

This is the same as  CVE-2024-22259 https://spring.io/security/cve-2024-22259  and  CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22262.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22262.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-22262
reference_id
reference_type
scores
0
value 0.12634
scoring_system epss
scoring_elements 0.93992
published_at 2026-04-21T12:55:00Z
1
value 0.12634
scoring_system epss
scoring_elements 0.93952
published_at 2026-04-04T12:55:00Z
2
value 0.12634
scoring_system epss
scoring_elements 0.9397
published_at 2026-04-13T12:55:00Z
3
value 0.12634
scoring_system epss
scoring_elements 0.93967
published_at 2026-04-09T12:55:00Z
4
value 0.12634
scoring_system epss
scoring_elements 0.93964
published_at 2026-04-08T12:55:00Z
5
value 0.12634
scoring_system epss
scoring_elements 0.93955
published_at 2026-04-07T12:55:00Z
6
value 0.12634
scoring_system epss
scoring_elements 0.93943
published_at 2026-04-02T12:55:00Z
7
value 0.12634
scoring_system epss
scoring_elements 0.93991
published_at 2026-04-18T12:55:00Z
8
value 0.12634
scoring_system epss
scoring_elements 0.93985
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-22262
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22262
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22262
3
reference_url https://github.com/spring-projects/spring-framework
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework
4
reference_url https://github.com/spring-projects/spring-framework/blob/main/spring-web/src/main/java/org/springframework/web/util/UriComponentsBuilder.java
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/blob/main/spring-web/src/main/java/org/springframework/web/util/UriComponentsBuilder.java
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-22262
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-22262
6
reference_url https://security.netapp.com/advisory/ntap-20240524-0003
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240524-0003
7
reference_url https://spring.io/security/cve-2024-22262
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-27T03:55:13Z/
url https://spring.io/security/cve-2024-22262
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2275257
reference_id 2275257
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2275257
9
reference_url https://github.com/advisories/GHSA-2wrp-6fg6-hmc5
reference_id GHSA-2wrp-6fg6-hmc5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2wrp-6fg6-hmc5
10
reference_url https://security.netapp.com/advisory/ntap-20240524-0003/
reference_id ntap-20240524-0003
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-27T03:55:13Z/
url https://security.netapp.com/advisory/ntap-20240524-0003/
11
reference_url https://access.redhat.com/errata/RHSA-2024:3708
reference_id RHSA-2024:3708
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3708
fixed_packages
0
url pkg:maven/org.springframework/spring-web@5.3.34
purl pkg:maven/org.springframework/spring-web@5.3.34
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kpma-e8rd-b7c8
1
vulnerability VCID-x5w8-j62d-m7h6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@5.3.34
1
url pkg:maven/org.springframework/spring-web@6.0.19
purl pkg:maven/org.springframework/spring-web@6.0.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x5w8-j62d-m7h6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@6.0.19
2
url pkg:maven/org.springframework/spring-web@6.1.6
purl pkg:maven/org.springframework/spring-web@6.1.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x5w8-j62d-m7h6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@6.1.6
aliases CVE-2024-22262, GHSA-2wrp-6fg6-hmc5
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5ng1-3a32-cugs
1
url VCID-kpma-e8rd-b7c8
vulnerability_id VCID-kpma-e8rd-b7c8
summary 
Pivotal Spring Framework contains unsafe Java deserialization methods
Pivotal Spring Framework before 6.0.0 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required.

Maintainers recommend investigating alternative components or a potential mitigating control. Version 4.2.6 and 3.2.17 contain [enhanced documentation](https://github.com/spring-projects/spring-framework/commit/5cbe90b2cd91b866a5a9586e460f311860e11cfa) advising users to take precautions against unsafe Java deserialization, version 5.3.0 [deprecate the impacted classes](https://github.com/spring-projects/spring-framework/issues/25379) and version 6.0.0 [removed it entirely](https://github.com/spring-projects/spring-framework/issues/27422).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000027.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000027.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-1000027
reference_id
reference_type
scores
0
value 0.60417
scoring_system epss
scoring_elements 0.98289
published_at 2026-04-21T12:55:00Z
1
value 0.60417
scoring_system epss
scoring_elements 0.98288
published_at 2026-04-16T12:55:00Z
2
value 0.60417
scoring_system epss
scoring_elements 0.98266
published_at 2026-04-01T12:55:00Z
3
value 0.60417
scoring_system epss
scoring_elements 0.98269
published_at 2026-04-02T12:55:00Z
4
value 0.60417
scoring_system epss
scoring_elements 0.98282
published_at 2026-04-13T12:55:00Z
5
value 0.60417
scoring_system epss
scoring_elements 0.98281
published_at 2026-04-11T12:55:00Z
6
value 0.60417
scoring_system epss
scoring_elements 0.98278
published_at 2026-04-09T12:55:00Z
7
value 0.60417
scoring_system epss
scoring_elements 0.98272
published_at 2026-04-07T12:55:00Z
8
value 0.60417
scoring_system epss
scoring_elements 0.98277
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-1000027
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000027
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000027
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000027
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000027
4
reference_url https://github.com/spring-projects/spring-framework
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework
5
reference_url https://github.com/spring-projects/spring-framework/commit/2b051b8b321768a4cfef83077db65c6328ffd60f
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/2b051b8b321768a4cfef83077db65c6328ffd60f
6
reference_url https://github.com/spring-projects/spring-framework/commit/5cbe90b2cd91b866a5a9586e460f311860e11cfa
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/5cbe90b2cd91b866a5a9586e460f311860e11cfa
7
reference_url https://github.com/spring-projects/spring-framework/issues/21680
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/issues/21680
8
reference_url https://github.com/spring-projects/spring-framework/issues/24434
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/issues/24434
9
reference_url https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-1231625331
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-1231625331
10
reference_url https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-579669626
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-579669626
11
reference_url https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-582313417
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-582313417
12
reference_url https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-744519525
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-744519525
13
reference_url https://jira.spring.io/browse/SPR-17143?redirect=false
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://jira.spring.io/browse/SPR-17143?redirect=false
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-1000027
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-1000027
15
reference_url https://security.netapp.com/advisory/ntap-20230420-0009
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230420-0009
16
reference_url https://security.netapp.com/advisory/ntap-20230420-0009/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20230420-0009/
17
reference_url https://security-tracker.debian.org/tracker/CVE-2016-1000027
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security-tracker.debian.org/tracker/CVE-2016-1000027
18
reference_url https://spring.io/blog/2022/05/11/spring-framework-5-3-20-and-5-2-22-available-now
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://spring.io/blog/2022/05/11/spring-framework-5-3-20-and-5-2-22-available-now
19
reference_url https://support.contrastsecurity.com/hc/en-us/articles/4402400830612-Spring-web-Java-Deserialization-CVE-2016-1000027
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://support.contrastsecurity.com/hc/en-us/articles/4402400830612-Spring-web-Java-Deserialization-CVE-2016-1000027
20
reference_url https://www.tenable.com/security/research/tra-2016-20
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.tenable.com/security/research/tra-2016-20
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1357929
reference_id 1357929
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1357929
22
reference_url https://github.com/advisories/GHSA-4wrc-f8pq-fpqp
reference_id GHSA-4wrc-f8pq-fpqp
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4wrc-f8pq-fpqp
fixed_packages
0
url pkg:maven/org.springframework/spring-web@6.0.0
purl pkg:maven/org.springframework/spring-web@6.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2syk-pe22-f7cd
1
vulnerability VCID-5ng1-3a32-cugs
2
vulnerability VCID-dnat-v8gu-aqdn
3
vulnerability VCID-pzz7-mfs4-rfda
4
vulnerability VCID-x5w8-j62d-m7h6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@6.0.0
aliases CVE-2016-1000027, GHSA-4wrc-f8pq-fpqp
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kpma-e8rd-b7c8
2
url VCID-pht6-8af8-b3f2
vulnerability_id VCID-pht6-8af8-b3f2
summary Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15756.json
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15756.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-15756
reference_id
reference_type
scores
0
value 0.18104
scoring_system epss
scoring_elements 0.95192
published_at 2026-04-21T12:55:00Z
1
value 0.18104
scoring_system epss
scoring_elements 0.95191
published_at 2026-04-18T12:55:00Z
2
value 0.18104
scoring_system epss
scoring_elements 0.95187
published_at 2026-04-16T12:55:00Z
3
value 0.18104
scoring_system epss
scoring_elements 0.95179
published_at 2026-04-13T12:55:00Z
4
value 0.18104
scoring_system epss
scoring_elements 0.95177
published_at 2026-04-12T12:55:00Z
5
value 0.18104
scoring_system epss
scoring_elements 0.95176
published_at 2026-04-11T12:55:00Z
6
value 0.18104
scoring_system epss
scoring_elements 0.95166
published_at 2026-04-08T12:55:00Z
7
value 0.18104
scoring_system epss
scoring_elements 0.95158
published_at 2026-04-07T12:55:00Z
8
value 0.18104
scoring_system epss
scoring_elements 0.95156
published_at 2026-04-04T12:55:00Z
9
value 0.18104
scoring_system epss
scoring_elements 0.95154
published_at 2026-04-02T12:55:00Z
10
value 0.18104
scoring_system epss
scoring_elements 0.95144
published_at 2026-04-01T12:55:00Z
11
value 0.18104
scoring_system epss
scoring_elements 0.9517
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-15756
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15756
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15756
3
reference_url https://github.com/spring-projects/spring-framework
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework
4
reference_url https://github.com/spring-projects/spring-framework/commit/044772641d12b9281185f6cf50f8485b8747132
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-framework/commit/044772641d12b9281185f6cf50f8485b8747132
5
reference_url https://github.com/spring-projects/spring-framework/commit/423aa28ed584b4ff6e5bad218c09beef5e91951
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-framework/commit/423aa28ed584b4ff6e5bad218c09beef5e91951
6
reference_url https://github.com/spring-projects/spring-framework/commit/c8e320019ffe7298fc4cbeeb194b2bfd6389b6d
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-framework/commit/c8e320019ffe7298fc4cbeeb194b2bfd6389b6d
7
reference_url https://lists.apache.org/thread.html/339fd112517e4873695b5115b96acdddbfc8f83b10598528d37c7d12@%3Cissues.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/339fd112517e4873695b5115b96acdddbfc8f83b10598528d37c7d12@%3Cissues.activemq.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/77886fec378ee6064debb1efb6b464a4a0173b2ff0d151ed86d3a228@%3Cissues.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/77886fec378ee6064debb1efb6b464a4a0173b2ff0d151ed86d3a228@%3Cissues.activemq.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/7b156ee50ba3ecce87b33c06bf7a749d84ffee55e69bfb5eca88fcc3@%3Cissues.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/7b156ee50ba3ecce87b33c06bf7a749d84ffee55e69bfb5eca88fcc3@%3Cissues.activemq.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/8a1fe70534fc52ff5c9db5ac29c55657f802cbefd7e9d9850c7052bd@%3Cissues.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/8a1fe70534fc52ff5c9db5ac29c55657f802cbefd7e9d9850c7052bd@%3Cissues.activemq.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/a3071e11c6fbd593022074ec1b4693f6d948c2b02cfa4a5d854aed68@%3Cissues.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/a3071e11c6fbd593022074ec1b4693f6d948c2b02cfa4a5d854aed68@%3Cissues.activemq.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/bb354962cb51fff65740d5fb1bc2aac56af577c06244b57c36f98e4d@%3Cissues.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/bb354962cb51fff65740d5fb1bc2aac56af577c06244b57c36f98e4d@%3Cissues.activemq.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/d6a84f52db89804b0ad965f3ea2b24bb880edee29107a1c5069cc3dd@%3Cissues.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/d6a84f52db89804b0ad965f3ea2b24bb880edee29107a1c5069cc3dd@%3Cissues.activemq.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/efaa52b0aa67aae7cbd9e6ef96945387e422d7ce0e65434570a37b1d@%3Cissues.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/efaa52b0aa67aae7cbd9e6ef96945387e422d7ce0e65434570a37b1d@%3Cissues.activemq.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/f8905507a2c94af6b08b72d7be0c4b8c6660e585f00abfafeccc86bc@%3Cissues.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/f8905507a2c94af6b08b72d7be0c4b8c6660e585f00abfafeccc86bc@%3Cissues.activemq.apache.org%3E
16
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html
17
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2020.html
18
reference_url https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2020.html
19
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2021.html
20
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2020.html
21
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
22
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
23
reference_url https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
24
reference_url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
25
reference_url https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
26
reference_url http://www.securityfocus.com/bid/105703
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/105703
27
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1643043
reference_id 1643043
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1643043
28
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911786
reference_id 911786
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911786
29
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-15756
reference_id CVE-2018-15756
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-15756
30
reference_url https://pivotal.io/security/cve-2018-15756
reference_id CVE-2018-15756
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://pivotal.io/security/cve-2018-15756
31
reference_url https://github.com/advisories/GHSA-ffvq-7w96-97p7
reference_id GHSA-ffvq-7w96-97p7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ffvq-7w96-97p7
32
reference_url https://access.redhat.com/errata/RHSA-2020:0983
reference_id RHSA-2020:0983
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0983
33
reference_url https://access.redhat.com/errata/RHSA-2020:3133
reference_id RHSA-2020:3133
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3133
fixed_packages
0
url pkg:maven/org.springframework/spring-web@4.3.20.RELEASE
purl pkg:maven/org.springframework/spring-web@4.3.20.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5ng1-3a32-cugs
1
vulnerability VCID-kpma-e8rd-b7c8
2
vulnerability VCID-x5w8-j62d-m7h6
3
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.3.20.RELEASE
1
url pkg:maven/org.springframework/spring-web@5.0.10.RELEASE
purl pkg:maven/org.springframework/spring-web@5.0.10.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5ng1-3a32-cugs
1
vulnerability VCID-kpma-e8rd-b7c8
2
vulnerability VCID-u7kk-c6fm-judy
3
vulnerability VCID-x5w8-j62d-m7h6
4
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@5.0.10.RELEASE
2
url pkg:maven/org.springframework/spring-web@5.1.1.RELEASE
purl pkg:maven/org.springframework/spring-web@5.1.1.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5ng1-3a32-cugs
1
vulnerability VCID-kpma-e8rd-b7c8
2
vulnerability VCID-u7kk-c6fm-judy
3
vulnerability VCID-x5w8-j62d-m7h6
4
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@5.1.1.RELEASE
aliases CVE-2018-15756, GHSA-ffvq-7w96-97p7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pht6-8af8-b3f2
3
url VCID-x5w8-j62d-m7h6
vulnerability_id VCID-x5w8-j62d-m7h6
summary 
Spring Framework DoS via conditional HTTP request
### Description
Applications that parse ETags from `If-Match` or `If-None-Match` request headers are vulnerable to DoS attack.

### Affected Spring Products and Versions
org.springframework:spring-web in versions 

6.1.0 through 6.1.11
6.0.0 through 6.0.22
5.3.0 through 5.3.37

Older, unsupported versions are also affected

### Mitigation
Users of affected versions should upgrade to the corresponding fixed version.
6.1.x -> 6.1.12
6.0.x -> 6.0.23
5.3.x -> 5.3.38
No other mitigation steps are necessary.

Users of older, unsupported versions could enforce a size limit on `If-Match` and `If-None-Match` headers, e.g. through a Filter.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38809.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38809.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-38809
reference_id
reference_type
scores
0
value 0.0014
scoring_system epss
scoring_elements 0.3416
published_at 2026-04-21T12:55:00Z
1
value 0.0014
scoring_system epss
scoring_elements 0.34196
published_at 2026-04-18T12:55:00Z
2
value 0.0014
scoring_system epss
scoring_elements 0.34208
published_at 2026-04-16T12:55:00Z
3
value 0.0014
scoring_system epss
scoring_elements 0.34176
published_at 2026-04-13T12:55:00Z
4
value 0.0014
scoring_system epss
scoring_elements 0.34199
published_at 2026-04-12T12:55:00Z
5
value 0.0014
scoring_system epss
scoring_elements 0.3421
published_at 2026-04-08T12:55:00Z
6
value 0.0014
scoring_system epss
scoring_elements 0.34168
published_at 2026-04-07T12:55:00Z
7
value 0.0014
scoring_system epss
scoring_elements 0.34304
published_at 2026-04-04T12:55:00Z
8
value 0.0014
scoring_system epss
scoring_elements 0.34272
published_at 2026-04-02T12:55:00Z
9
value 0.0014
scoring_system epss
scoring_elements 0.3424
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-38809
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38809
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38809
3
reference_url https://github.com/spring-projects/spring-framework
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework
4
reference_url https://github.com/spring-projects/spring-framework/commit/582bfccbb72e5c8959a0b472d1dc7d03a20520f3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/582bfccbb72e5c8959a0b472d1dc7d03a20520f3
5
reference_url https://github.com/spring-projects/spring-framework/commit/8d16a50907c11f7e6b407d878a26e84eba08a533
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/8d16a50907c11f7e6b407d878a26e84eba08a533
6
reference_url https://github.com/spring-projects/spring-framework/commit/bb17ad8314b81850a939fd265fb53b3361705e85
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/bb17ad8314b81850a939fd265fb53b3361705e85
7
reference_url https://github.com/spring-projects/spring-framework/issues/33372
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/issues/33372
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-38809
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-38809
9
reference_url https://spring.io/security/cve-2024-38809
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:49:57Z/
url https://spring.io/security/cve-2024-38809
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2314495
reference_id 2314495
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2314495
11
reference_url https://github.com/advisories/GHSA-2rmj-mq67-h97g
reference_id GHSA-2rmj-mq67-h97g
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2rmj-mq67-h97g
12
reference_url https://access.redhat.com/errata/RHSA-2024:8064
reference_id RHSA-2024:8064
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8064
fixed_packages
0
url pkg:maven/org.springframework/spring-web@5.3.38
purl pkg:maven/org.springframework/spring-web@5.3.38
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kpma-e8rd-b7c8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@5.3.38
1
url pkg:maven/org.springframework/spring-web@6.0.23
purl pkg:maven/org.springframework/spring-web@6.0.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-q4ad-g67b-efaj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@6.0.23
2
url pkg:maven/org.springframework/spring-web@6.1.12
purl pkg:maven/org.springframework/spring-web@6.1.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@6.1.12
aliases CVE-2024-38809, GHSA-2rmj-mq67-h97g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x5w8-j62d-m7h6
Fixing_vulnerabilities
0
url VCID-y3uz-etva-sufh
vulnerability_id VCID-y3uz-etva-sufh
summary 
Improper Input Validation in Spring Framework
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5421.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5421.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-5421
reference_id
reference_type
scores
0
value 0.63828
scoring_system epss
scoring_elements 0.98431
published_at 2026-04-21T12:55:00Z
1
value 0.63828
scoring_system epss
scoring_elements 0.98432
published_at 2026-04-16T12:55:00Z
2
value 0.63828
scoring_system epss
scoring_elements 0.98427
published_at 2026-04-13T12:55:00Z
3
value 0.63828
scoring_system epss
scoring_elements 0.98424
published_at 2026-04-09T12:55:00Z
4
value 0.63828
scoring_system epss
scoring_elements 0.98423
published_at 2026-04-08T12:55:00Z
5
value 0.63828
scoring_system epss
scoring_elements 0.9842
published_at 2026-04-07T12:55:00Z
6
value 0.63828
scoring_system epss
scoring_elements 0.98417
published_at 2026-04-04T12:55:00Z
7
value 0.63828
scoring_system epss
scoring_elements 0.98414
published_at 2026-04-02T12:55:00Z
8
value 0.63828
scoring_system epss
scoring_elements 0.98412
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-5421
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5421
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5421
3
reference_url https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163@%3Ccommits.ambari.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163@%3Ccommits.ambari.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a@%3Cissues.ambari.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a@%3Cissues.ambari.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/r3589ed0d18edeb79028615080d5a0e8878856436bb91774a3196d9eb@%3Ccommits.pulsar.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3589ed0d18edeb79028615080d5a0e8878856436bb91774a3196d9eb@%3Ccommits.pulsar.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/r503e64b43a57fd68229cac4a869d1a9a2eac9e75f8719cad3a840211@%3Ccommits.pulsar.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r503e64b43a57fd68229cac4a869d1a9a2eac9e75f8719cad3a840211@%3Ccommits.pulsar.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b729ac5@%3Cissues.ambari.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b729ac5@%3Cissues.ambari.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/r7e6a213eea7f04fc6d9e3bd6eb8d68c4df92a22e956e95cb2c482865@%3Cissues.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r7e6a213eea7f04fc6d9e3bd6eb8d68c4df92a22e956e95cb2c482865@%3Cissues.hive.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf7ae33a@%3Cdev.ambari.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf7ae33a@%3Cdev.ambari.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/r918caad55dcc640a16753b00d8d6acb90b4e36de4b6156d0867246ec@%3Ccommits.pulsar.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r918caad55dcc640a16753b00d8d6acb90b4e36de4b6156d0867246ec@%3Ccommits.pulsar.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35ede81e1@%3Cdev.ambari.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35ede81e1@%3Cdev.ambari.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/ra889d95141059c6cbe77dd80249bb488ae53b274b5f3abad09d9511d@%3Cuser.ignite.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra889d95141059c6cbe77dd80249bb488ae53b274b5f3abad09d9511d@%3Cuser.ignite.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/raf7ca57033e537e4f9d7df7f192fa6968c1e49409b2348e08d807ccb@%3Cuser.ignite.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/raf7ca57033e537e4f9d7df7f192fa6968c1e49409b2348e08d807ccb@%3Cuser.ignite.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/rb18ed999153ef0f0cb7af03efe0046c42c7242fd77fbd884a75ecfdc@%3Ccommits.pulsar.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb18ed999153ef0f0cb7af03efe0046c42c7242fd77fbd884a75ecfdc@%3Ccommits.pulsar.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/rc9efaf6db98bee19db1bc911d0fa442287dac5cb229d4aaa08b6a13d@%3Cissues.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc9efaf6db98bee19db1bc911d0fa442287dac5cb229d4aaa08b6a13d@%3Cissues.hive.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/rd462a8b0dfab4c15e67c0672cd3c211ecd0e4f018f824082ed54f665@%3Cissues.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd462a8b0dfab4c15e67c0672cd3c211ecd0e4f018f824082ed54f665@%3Cissues.hive.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/re014a49d77f038ba70e5e9934d400af6653e8c9ac110d32b1254127e@%3Cdev.ranger.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re014a49d77f038ba70e5e9934d400af6653e8c9ac110d32b1254127e@%3Cdev.ranger.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/rf00d8f4101a1c1ea4de6ea1e09ddf7472cfd306745c90d6da87ae074@%3Cdev.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf00d8f4101a1c1ea4de6ea1e09ddf7472cfd306745c90d6da87ae074@%3Cdev.hive.apache.org%3E
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-5421
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-5421
20
reference_url https://security.netapp.com/advisory/ntap-20210513-0009
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210513-0009
21
reference_url https://security.netapp.com/advisory/ntap-20210513-0009/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210513-0009/
22
reference_url https://tanzu.vmware.com/security/cve-2020-5421
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://tanzu.vmware.com/security/cve-2020-5421
23
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
24
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
25
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2021.html
26
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
27
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
28
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
29
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1881158
reference_id 1881158
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1881158
30
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973381
reference_id 973381
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973381
31
reference_url https://github.com/advisories/GHSA-rv39-3qh7-9v7w
reference_id GHSA-rv39-3qh7-9v7w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rv39-3qh7-9v7w
fixed_packages
0
url pkg:maven/org.springframework/spring-web@4.2.9.RELEASE
purl pkg:maven/org.springframework/spring-web@4.2.9.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5ng1-3a32-cugs
1
vulnerability VCID-kpma-e8rd-b7c8
2
vulnerability VCID-pht6-8af8-b3f2
3
vulnerability VCID-x5w8-j62d-m7h6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.2.9.RELEASE
1
url pkg:maven/org.springframework/spring-web@4.3.28.RELEASE
purl pkg:maven/org.springframework/spring-web@4.3.28.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5ng1-3a32-cugs
1
vulnerability VCID-kpma-e8rd-b7c8
2
vulnerability VCID-x5w8-j62d-m7h6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.3.28.RELEASE
2
url pkg:maven/org.springframework/spring-web@4.3.29.RELEASE
purl pkg:maven/org.springframework/spring-web@4.3.29.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5ng1-3a32-cugs
1
vulnerability VCID-kpma-e8rd-b7c8
2
vulnerability VCID-x5w8-j62d-m7h6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.3.29.RELEASE
3
url pkg:maven/org.springframework/spring-web@5.0.18.RELEASE
purl pkg:maven/org.springframework/spring-web@5.0.18.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5ng1-3a32-cugs
1
vulnerability VCID-kpma-e8rd-b7c8
2
vulnerability VCID-x5w8-j62d-m7h6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@5.0.18.RELEASE
4
url pkg:maven/org.springframework/spring-web@5.0.19.RELEASE
purl pkg:maven/org.springframework/spring-web@5.0.19.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5ng1-3a32-cugs
1
vulnerability VCID-kpma-e8rd-b7c8
2
vulnerability VCID-x5w8-j62d-m7h6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@5.0.19.RELEASE
5
url pkg:maven/org.springframework/spring-web@5.1.17.RELEASE
purl pkg:maven/org.springframework/spring-web@5.1.17.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5ng1-3a32-cugs
1
vulnerability VCID-kpma-e8rd-b7c8
2
vulnerability VCID-x5w8-j62d-m7h6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@5.1.17.RELEASE
6
url pkg:maven/org.springframework/spring-web@5.1.18.RELEASE
purl pkg:maven/org.springframework/spring-web@5.1.18.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5ng1-3a32-cugs
1
vulnerability VCID-kpma-e8rd-b7c8
2
vulnerability VCID-x5w8-j62d-m7h6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@5.1.18.RELEASE
7
url pkg:maven/org.springframework/spring-web@5.2.8.RELEASE
purl pkg:maven/org.springframework/spring-web@5.2.8.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5ng1-3a32-cugs
1
vulnerability VCID-kpma-e8rd-b7c8
2
vulnerability VCID-x5w8-j62d-m7h6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@5.2.8.RELEASE
8
url pkg:maven/org.springframework/spring-web@5.2.9.RELEASE
purl pkg:maven/org.springframework/spring-web@5.2.9.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5ng1-3a32-cugs
1
vulnerability VCID-kpma-e8rd-b7c8
2
vulnerability VCID-x5w8-j62d-m7h6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@5.2.9.RELEASE
aliases CVE-2020-5421, GHSA-rv39-3qh7-9v7w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y3uz-etva-sufh
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.2.9.RELEASE