Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.springframework/spring-core@5.2.0
Typemaven
Namespaceorg.springframework
Namespring-core
Version5.2.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.2.24.RELEASE
Latest_non_vulnerable_version6.2.11
Affected_by_vulnerabilities
0
url VCID-cpsj-4k25-wufe
vulnerability_id VCID-cpsj-4k25-wufe
summary 
Improper Privilege Management in Spring Framework
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22118.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22118.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22118
reference_id
reference_type
scores
0
value 0.00253
scoring_system epss
scoring_elements 0.4859
published_at 2026-04-21T12:55:00Z
1
value 0.00253
scoring_system epss
scoring_elements 0.48633
published_at 2026-04-18T12:55:00Z
2
value 0.00253
scoring_system epss
scoring_elements 0.48637
published_at 2026-04-16T12:55:00Z
3
value 0.00253
scoring_system epss
scoring_elements 0.48588
published_at 2026-04-13T12:55:00Z
4
value 0.00253
scoring_system epss
scoring_elements 0.48575
published_at 2026-04-12T12:55:00Z
5
value 0.00253
scoring_system epss
scoring_elements 0.48602
published_at 2026-04-11T12:55:00Z
6
value 0.00253
scoring_system epss
scoring_elements 0.48581
published_at 2026-04-09T12:55:00Z
7
value 0.00253
scoring_system epss
scoring_elements 0.48585
published_at 2026-04-08T12:55:00Z
8
value 0.00253
scoring_system epss
scoring_elements 0.48531
published_at 2026-04-07T12:55:00Z
9
value 0.00253
scoring_system epss
scoring_elements 0.48579
published_at 2026-04-04T12:55:00Z
10
value 0.00253
scoring_system epss
scoring_elements 0.48555
published_at 2026-04-02T12:55:00Z
11
value 0.00253
scoring_system epss
scoring_elements 0.4852
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22118
2
reference_url https://github.com/spring-projects/spring-framework
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework
3
reference_url https://github.com/spring-projects/spring-framework/commit/0d0d75e25322d8161002d861fff3ec04ba8be5ac
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/0d0d75e25322d8161002d861fff3ec04ba8be5ac
4
reference_url https://github.com/spring-projects/spring-framework/commit/cce60c479c22101f24b2b4abebb6d79440b120d1
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/cce60c479c22101f24b2b4abebb6d79440b120d1
5
reference_url https://github.com/spring-projects/spring-framework/issues/26931
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/issues/26931
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-22118
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-22118
7
reference_url https://security.netapp.com/advisory/ntap-20210713-0005
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210713-0005
8
reference_url https://security.netapp.com/advisory/ntap-20210713-0005/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210713-0005/
9
reference_url https://spring.io/security/cve-2021-22118
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://spring.io/security/cve-2021-22118
10
reference_url https://tanzu.vmware.com/security/cve-2021-22118
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tanzu.vmware.com/security/cve-2021-22118
11
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
12
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
13
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
14
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
15
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1974854
reference_id 1974854
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1974854
17
reference_url https://github.com/advisories/GHSA-gfwj-fwqj-fp3v
reference_id GHSA-gfwj-fwqj-fp3v
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gfwj-fwqj-fp3v
18
reference_url https://access.redhat.com/errata/RHSA-2021:3205
reference_id RHSA-2021:3205
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3205
19
reference_url https://access.redhat.com/errata/RHSA-2021:4918
reference_id RHSA-2021:4918
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4918
20
reference_url https://access.redhat.com/errata/RHSA-2021:5134
reference_id RHSA-2021:5134
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5134
fixed_packages
0
url pkg:maven/org.springframework/spring-core@5.2.14.RELEASE
purl pkg:maven/org.springframework/spring-core@5.2.14.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6ysx-5wcw-f7b5
1
vulnerability VCID-c74k-e1me-pfb2
2
vulnerability VCID-cyjt-4vjn-mbc7
3
vulnerability VCID-dy4t-tm9m-rfex
4
vulnerability VCID-k17s-ttg2-ubgj
5
vulnerability VCID-w6br-v2gm-j7gr
6
vulnerability VCID-ygpk-fb56-sqa4
7
vulnerability VCID-z3th-j593-m7bg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.2.14.RELEASE
1
url pkg:maven/org.springframework/spring-core@5.2.15
purl pkg:maven/org.springframework/spring-core@5.2.15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.2.15
2
url pkg:maven/org.springframework/spring-core@5.3.7
purl pkg:maven/org.springframework/spring-core@5.3.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6ysx-5wcw-f7b5
1
vulnerability VCID-c74k-e1me-pfb2
2
vulnerability VCID-cyjt-4vjn-mbc7
3
vulnerability VCID-dy4t-tm9m-rfex
4
vulnerability VCID-k17s-ttg2-ubgj
5
vulnerability VCID-k2en-h5n1-r7gr
6
vulnerability VCID-w6br-v2gm-j7gr
7
vulnerability VCID-ygpk-fb56-sqa4
8
vulnerability VCID-z3th-j593-m7bg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.3.7
aliases CVE-2021-22118, GHSA-gfwj-fwqj-fp3v
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cpsj-4k25-wufe
1
url VCID-dy4t-tm9m-rfex
vulnerability_id VCID-dy4t-tm9m-rfex
summary 
Allocation of Resources Without Limits or Throttling in Spring Framework
In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a Denial of Service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22950.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22950.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-22950
reference_id
reference_type
scores
0
value 0.04122
scoring_system epss
scoring_elements 0.8864
published_at 2026-04-21T12:55:00Z
1
value 0.04122
scoring_system epss
scoring_elements 0.88641
published_at 2026-04-18T12:55:00Z
2
value 0.04122
scoring_system epss
scoring_elements 0.88644
published_at 2026-04-16T12:55:00Z
3
value 0.04122
scoring_system epss
scoring_elements 0.88631
published_at 2026-04-13T12:55:00Z
4
value 0.04122
scoring_system epss
scoring_elements 0.88638
published_at 2026-04-11T12:55:00Z
5
value 0.04122
scoring_system epss
scoring_elements 0.88601
published_at 2026-04-04T12:55:00Z
6
value 0.04122
scoring_system epss
scoring_elements 0.88584
published_at 2026-04-02T12:55:00Z
7
value 0.04122
scoring_system epss
scoring_elements 0.88626
published_at 2026-04-09T12:55:00Z
8
value 0.04122
scoring_system epss
scoring_elements 0.88621
published_at 2026-04-08T12:55:00Z
9
value 0.04122
scoring_system epss
scoring_elements 0.88603
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-22950
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22950
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22950
3
reference_url https://github.com/spring-projects/spring-framework
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework
4
reference_url https://github.com/spring-projects/spring-framework/commit/83ac65915871067c39a4fb255e0d484c785c0c11
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/83ac65915871067c39a4fb255e0d484c785c0c11
5
reference_url https://github.com/spring-projects/spring-framework/issues/28145
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/issues/28145
6
reference_url https://github.com/spring-projects/spring-framework/issues/28257
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/issues/28257
7
reference_url https://github.com/spring-projects/spring-framework/releases/tag/v5.2.20.RELEASE
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/releases/tag/v5.2.20.RELEASE
8
reference_url https://github.com/spring-projects/spring-framework/releases/tag/v5.3.17
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/releases/tag/v5.3.17
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2069414
reference_id 2069414
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2069414
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22950
reference_id CVE-2022-22950
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-22950
11
reference_url https://tanzu.vmware.com/security/cve-2022-22950
reference_id CVE-2022-22950
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://tanzu.vmware.com/security/cve-2022-22950
12
reference_url https://github.com/advisories/GHSA-558x-2xjg-6232
reference_id GHSA-558x-2xjg-6232
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-558x-2xjg-6232
13
reference_url https://access.redhat.com/errata/RHSA-2022:5532
reference_id RHSA-2022:5532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5532
14
reference_url https://access.redhat.com/errata/RHSA-2022:5555
reference_id RHSA-2022:5555
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5555
15
reference_url https://access.redhat.com/errata/RHSA-2022:5903
reference_id RHSA-2022:5903
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5903
16
reference_url https://access.redhat.com/errata/RHSA-2022:8761
reference_id RHSA-2022:8761
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8761
fixed_packages
0
url pkg:maven/org.springframework/spring-core@5.2.20.RELEASE
purl pkg:maven/org.springframework/spring-core@5.2.20.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6ysx-5wcw-f7b5
1
vulnerability VCID-c74k-e1me-pfb2
2
vulnerability VCID-k17s-ttg2-ubgj
3
vulnerability VCID-w6br-v2gm-j7gr
4
vulnerability VCID-z3th-j593-m7bg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.2.20.RELEASE
1
url pkg:maven/org.springframework/spring-core@5.3.17
purl pkg:maven/org.springframework/spring-core@5.3.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6ysx-5wcw-f7b5
1
vulnerability VCID-c74k-e1me-pfb2
2
vulnerability VCID-cyjt-4vjn-mbc7
3
vulnerability VCID-k17s-ttg2-ubgj
4
vulnerability VCID-k2en-h5n1-r7gr
5
vulnerability VCID-w6br-v2gm-j7gr
6
vulnerability VCID-z3th-j593-m7bg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.3.17
aliases CVE-2022-22950, GHSA-558x-2xjg-6232
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dy4t-tm9m-rfex
2
url VCID-vvyu-uk8r-wuaz
vulnerability_id VCID-vvyu-uk8r-wuaz
summary 
Log entry injection in Spring Framework
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22060.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22060.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22060
reference_id
reference_type
scores
0
value 0.00164
scoring_system epss
scoring_elements 0.37317
published_at 2026-04-18T12:55:00Z
1
value 0.00164
scoring_system epss
scoring_elements 0.37334
published_at 2026-04-16T12:55:00Z
2
value 0.00164
scoring_system epss
scoring_elements 0.37288
published_at 2026-04-13T12:55:00Z
3
value 0.00164
scoring_system epss
scoring_elements 0.37316
published_at 2026-04-12T12:55:00Z
4
value 0.00164
scoring_system epss
scoring_elements 0.37349
published_at 2026-04-11T12:55:00Z
5
value 0.00164
scoring_system epss
scoring_elements 0.37338
published_at 2026-04-09T12:55:00Z
6
value 0.00164
scoring_system epss
scoring_elements 0.37257
published_at 2026-04-01T12:55:00Z
7
value 0.00164
scoring_system epss
scoring_elements 0.37422
published_at 2026-04-02T12:55:00Z
8
value 0.00164
scoring_system epss
scoring_elements 0.37446
published_at 2026-04-04T12:55:00Z
9
value 0.00164
scoring_system epss
scoring_elements 0.37325
published_at 2026-04-08T12:55:00Z
10
value 0.00164
scoring_system epss
scoring_elements 0.37274
published_at 2026-04-07T12:55:00Z
11
value 0.00168
scoring_system epss
scoring_elements 0.37951
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22060
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22060
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22060
3
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2055480
reference_id 2055480
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2055480
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-22060
reference_id CVE-2021-22060
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-22060
6
reference_url https://tanzu.vmware.com/security/cve-2021-22060
reference_id CVE-2021-22060
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://tanzu.vmware.com/security/cve-2021-22060
7
reference_url https://github.com/advisories/GHSA-6gf2-pvqw-37ph
reference_id GHSA-6gf2-pvqw-37ph
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6gf2-pvqw-37ph
8
reference_url https://access.redhat.com/errata/RHSA-2022:5532
reference_id RHSA-2022:5532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5532
fixed_packages
0
url pkg:maven/org.springframework/spring-core@5.2.19
purl pkg:maven/org.springframework/spring-core@5.2.19
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.2.19
1
url pkg:maven/org.springframework/spring-core@5.3.14
purl pkg:maven/org.springframework/spring-core@5.3.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6ysx-5wcw-f7b5
1
vulnerability VCID-c74k-e1me-pfb2
2
vulnerability VCID-cyjt-4vjn-mbc7
3
vulnerability VCID-dy4t-tm9m-rfex
4
vulnerability VCID-k17s-ttg2-ubgj
5
vulnerability VCID-k2en-h5n1-r7gr
6
vulnerability VCID-w6br-v2gm-j7gr
7
vulnerability VCID-z3th-j593-m7bg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.3.14
aliases CVE-2021-22060, GHSA-6gf2-pvqw-37ph
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vvyu-uk8r-wuaz
3
url VCID-y3uz-etva-sufh
vulnerability_id VCID-y3uz-etva-sufh
summary 
Improper Input Validation in Spring Framework
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5421.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5421.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-5421
reference_id
reference_type
scores
0
value 0.63828
scoring_system epss
scoring_elements 0.98431
published_at 2026-04-21T12:55:00Z
1
value 0.63828
scoring_system epss
scoring_elements 0.98432
published_at 2026-04-16T12:55:00Z
2
value 0.63828
scoring_system epss
scoring_elements 0.98427
published_at 2026-04-13T12:55:00Z
3
value 0.63828
scoring_system epss
scoring_elements 0.98424
published_at 2026-04-09T12:55:00Z
4
value 0.63828
scoring_system epss
scoring_elements 0.98423
published_at 2026-04-08T12:55:00Z
5
value 0.63828
scoring_system epss
scoring_elements 0.9842
published_at 2026-04-07T12:55:00Z
6
value 0.63828
scoring_system epss
scoring_elements 0.98417
published_at 2026-04-04T12:55:00Z
7
value 0.63828
scoring_system epss
scoring_elements 0.98414
published_at 2026-04-02T12:55:00Z
8
value 0.63828
scoring_system epss
scoring_elements 0.98412
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-5421
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5421
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5421
3
reference_url https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163@%3Ccommits.ambari.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163@%3Ccommits.ambari.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a@%3Cissues.ambari.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a@%3Cissues.ambari.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/r3589ed0d18edeb79028615080d5a0e8878856436bb91774a3196d9eb@%3Ccommits.pulsar.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3589ed0d18edeb79028615080d5a0e8878856436bb91774a3196d9eb@%3Ccommits.pulsar.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/r503e64b43a57fd68229cac4a869d1a9a2eac9e75f8719cad3a840211@%3Ccommits.pulsar.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r503e64b43a57fd68229cac4a869d1a9a2eac9e75f8719cad3a840211@%3Ccommits.pulsar.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b729ac5@%3Cissues.ambari.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b729ac5@%3Cissues.ambari.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/r7e6a213eea7f04fc6d9e3bd6eb8d68c4df92a22e956e95cb2c482865@%3Cissues.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r7e6a213eea7f04fc6d9e3bd6eb8d68c4df92a22e956e95cb2c482865@%3Cissues.hive.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf7ae33a@%3Cdev.ambari.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf7ae33a@%3Cdev.ambari.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/r918caad55dcc640a16753b00d8d6acb90b4e36de4b6156d0867246ec@%3Ccommits.pulsar.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r918caad55dcc640a16753b00d8d6acb90b4e36de4b6156d0867246ec@%3Ccommits.pulsar.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35ede81e1@%3Cdev.ambari.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35ede81e1@%3Cdev.ambari.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/ra889d95141059c6cbe77dd80249bb488ae53b274b5f3abad09d9511d@%3Cuser.ignite.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra889d95141059c6cbe77dd80249bb488ae53b274b5f3abad09d9511d@%3Cuser.ignite.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/raf7ca57033e537e4f9d7df7f192fa6968c1e49409b2348e08d807ccb@%3Cuser.ignite.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/raf7ca57033e537e4f9d7df7f192fa6968c1e49409b2348e08d807ccb@%3Cuser.ignite.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/rb18ed999153ef0f0cb7af03efe0046c42c7242fd77fbd884a75ecfdc@%3Ccommits.pulsar.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb18ed999153ef0f0cb7af03efe0046c42c7242fd77fbd884a75ecfdc@%3Ccommits.pulsar.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/rc9efaf6db98bee19db1bc911d0fa442287dac5cb229d4aaa08b6a13d@%3Cissues.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc9efaf6db98bee19db1bc911d0fa442287dac5cb229d4aaa08b6a13d@%3Cissues.hive.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/rd462a8b0dfab4c15e67c0672cd3c211ecd0e4f018f824082ed54f665@%3Cissues.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd462a8b0dfab4c15e67c0672cd3c211ecd0e4f018f824082ed54f665@%3Cissues.hive.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/re014a49d77f038ba70e5e9934d400af6653e8c9ac110d32b1254127e@%3Cdev.ranger.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re014a49d77f038ba70e5e9934d400af6653e8c9ac110d32b1254127e@%3Cdev.ranger.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/rf00d8f4101a1c1ea4de6ea1e09ddf7472cfd306745c90d6da87ae074@%3Cdev.hive.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf00d8f4101a1c1ea4de6ea1e09ddf7472cfd306745c90d6da87ae074@%3Cdev.hive.apache.org%3E
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-5421
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-5421
20
reference_url https://security.netapp.com/advisory/ntap-20210513-0009
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210513-0009
21
reference_url https://security.netapp.com/advisory/ntap-20210513-0009/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210513-0009/
22
reference_url https://tanzu.vmware.com/security/cve-2020-5421
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://tanzu.vmware.com/security/cve-2020-5421
23
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
24
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
25
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2021.html
26
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
27
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
28
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
29
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1881158
reference_id 1881158
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1881158
30
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973381
reference_id 973381
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973381
31
reference_url https://github.com/advisories/GHSA-rv39-3qh7-9v7w
reference_id GHSA-rv39-3qh7-9v7w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rv39-3qh7-9v7w
fixed_packages
0
url pkg:maven/org.springframework/spring-core@5.2.8.RELEASE
purl pkg:maven/org.springframework/spring-core@5.2.8.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6ysx-5wcw-f7b5
1
vulnerability VCID-c74k-e1me-pfb2
2
vulnerability VCID-cpsj-4k25-wufe
3
vulnerability VCID-cyjt-4vjn-mbc7
4
vulnerability VCID-dy4t-tm9m-rfex
5
vulnerability VCID-k17s-ttg2-ubgj
6
vulnerability VCID-w6br-v2gm-j7gr
7
vulnerability VCID-ygpk-fb56-sqa4
8
vulnerability VCID-z3th-j593-m7bg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.2.8.RELEASE
1
url pkg:maven/org.springframework/spring-core@5.2.9.RELEASE
purl pkg:maven/org.springframework/spring-core@5.2.9.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6ysx-5wcw-f7b5
1
vulnerability VCID-c74k-e1me-pfb2
2
vulnerability VCID-cpsj-4k25-wufe
3
vulnerability VCID-cyjt-4vjn-mbc7
4
vulnerability VCID-dy4t-tm9m-rfex
5
vulnerability VCID-k17s-ttg2-ubgj
6
vulnerability VCID-w6br-v2gm-j7gr
7
vulnerability VCID-ygpk-fb56-sqa4
8
vulnerability VCID-z3th-j593-m7bg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.2.9.RELEASE
aliases CVE-2020-5421, GHSA-rv39-3qh7-9v7w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y3uz-etva-sufh
4
url VCID-ygpk-fb56-sqa4
vulnerability_id VCID-ygpk-fb56-sqa4
summary 
Improper Output Neutralization for Logs in Spring Framework
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22096.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22096.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22096
reference_id
reference_type
scores
0
value 0.00221
scoring_system epss
scoring_elements 0.44752
published_at 2026-04-18T12:55:00Z
1
value 0.00221
scoring_system epss
scoring_elements 0.4476
published_at 2026-04-16T12:55:00Z
2
value 0.00221
scoring_system epss
scoring_elements 0.44704
published_at 2026-04-13T12:55:00Z
3
value 0.00221
scoring_system epss
scoring_elements 0.44735
published_at 2026-04-11T12:55:00Z
4
value 0.00221
scoring_system epss
scoring_elements 0.44719
published_at 2026-04-09T12:55:00Z
5
value 0.00221
scoring_system epss
scoring_elements 0.44716
published_at 2026-04-08T12:55:00Z
6
value 0.00221
scoring_system epss
scoring_elements 0.44664
published_at 2026-04-07T12:55:00Z
7
value 0.00221
scoring_system epss
scoring_elements 0.44727
published_at 2026-04-04T12:55:00Z
8
value 0.00221
scoring_system epss
scoring_elements 0.44707
published_at 2026-04-02T12:55:00Z
9
value 0.00221
scoring_system epss
scoring_elements 0.44626
published_at 2026-04-01T12:55:00Z
10
value 0.00227
scoring_system epss
scoring_elements 0.45449
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22096
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22096
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22096
3
reference_url https://github.com/spring-projects/spring-framework
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-22096
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-22096
5
reference_url https://security.netapp.com/advisory/ntap-20211125-0005
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20211125-0005
6
reference_url https://security.netapp.com/advisory/ntap-20211125-0005/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20211125-0005/
7
reference_url https://tanzu.vmware.com/security/cve-2021-22096
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://tanzu.vmware.com/security/cve-2021-22096
8
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2034584
reference_id 2034584
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2034584
10
reference_url https://github.com/advisories/GHSA-rfmp-97jj-h8m6
reference_id GHSA-rfmp-97jj-h8m6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rfmp-97jj-h8m6
11
reference_url https://access.redhat.com/errata/RHSA-2022:1108
reference_id RHSA-2022:1108
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1108
12
reference_url https://access.redhat.com/errata/RHSA-2022:1110
reference_id RHSA-2022:1110
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1110
13
reference_url https://access.redhat.com/errata/RHSA-2022:5532
reference_id RHSA-2022:5532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5532
14
reference_url https://access.redhat.com/errata/RHSA-2022:5555
reference_id RHSA-2022:5555
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5555
15
reference_url https://access.redhat.com/errata/RHSA-2022:6393
reference_id RHSA-2022:6393
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6393
fixed_packages
0
url pkg:maven/org.springframework/spring-core@5.2.17.RELEASE
purl pkg:maven/org.springframework/spring-core@5.2.17.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6ysx-5wcw-f7b5
1
vulnerability VCID-c74k-e1me-pfb2
2
vulnerability VCID-cyjt-4vjn-mbc7
3
vulnerability VCID-dy4t-tm9m-rfex
4
vulnerability VCID-k17s-ttg2-ubgj
5
vulnerability VCID-w6br-v2gm-j7gr
6
vulnerability VCID-z3th-j593-m7bg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.2.17.RELEASE
1
url pkg:maven/org.springframework/spring-core@5.2.18
purl pkg:maven/org.springframework/spring-core@5.2.18
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.2.18
2
url pkg:maven/org.springframework/spring-core@5.3.11
purl pkg:maven/org.springframework/spring-core@5.3.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6ysx-5wcw-f7b5
1
vulnerability VCID-c74k-e1me-pfb2
2
vulnerability VCID-cyjt-4vjn-mbc7
3
vulnerability VCID-dy4t-tm9m-rfex
4
vulnerability VCID-k17s-ttg2-ubgj
5
vulnerability VCID-k2en-h5n1-r7gr
6
vulnerability VCID-w6br-v2gm-j7gr
7
vulnerability VCID-z3th-j593-m7bg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.3.11
aliases CVE-2021-22096, GHSA-rfmp-97jj-h8m6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ygpk-fb56-sqa4
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.2.0