Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.springframework/spring-core@6.1.3
Typemaven
Namespaceorg.springframework
Namespring-core
Version6.1.3
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.2.11
Latest_non_vulnerable_version6.2.11
Affected_by_vulnerabilities
0
url VCID-k2en-h5n1-r7gr
vulnerability_id VCID-k2en-h5n1-r7gr
summary 
Spring Framework annotation detection mechanism may result in improper authorization
The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions.

Your application may be affected by this if you are using Spring Security's @EnableMethodSecurity feature.

You are not affected by this if you are not using @EnableMethodSecurity or if you do not use security annotations on methods in generic superclasses or generic interfaces.

This CVE is published in conjunction with  CVE-2025-41248 https://spring.io/security/cve-2025-41248 .
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-41249.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-41249.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-41249
reference_id
reference_type
scores
0
value 0.00064
scoring_system epss
scoring_elements 0.20101
published_at 2026-04-11T12:55:00Z
1
value 0.00064
scoring_system epss
scoring_elements 0.20085
published_at 2026-04-09T12:55:00Z
2
value 0.00064
scoring_system epss
scoring_elements 0.20027
published_at 2026-04-08T12:55:00Z
3
value 0.00064
scoring_system epss
scoring_elements 0.19947
published_at 2026-04-07T12:55:00Z
4
value 0.00064
scoring_system epss
scoring_elements 0.20221
published_at 2026-04-04T12:55:00Z
5
value 0.00064
scoring_system epss
scoring_elements 0.20162
published_at 2026-04-02T12:55:00Z
6
value 0.00073
scoring_system epss
scoring_elements 0.22057
published_at 2026-04-18T12:55:00Z
7
value 0.00073
scoring_system epss
scoring_elements 0.22125
published_at 2026-04-12T12:55:00Z
8
value 0.00073
scoring_system epss
scoring_elements 0.22065
published_at 2026-04-13T12:55:00Z
9
value 0.00073
scoring_system epss
scoring_elements 0.22064
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-41249
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-41249
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-41249
3
reference_url https://github.com/spring-projects/spring-framework
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework
4
reference_url https://github.com/spring-projects/spring-framework/commit/6d710d482a6785b069e35022e81758953afc21ff
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/6d710d482a6785b069e35022e81758953afc21ff
5
reference_url https://github.com/spring-projects/spring-framework/issues/35342
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/issues/35342
6
reference_url https://github.com/spring-projects/spring-framework/releases/tag/v6.2.11
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/releases/tag/v6.2.11
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2395725
reference_id 2395725
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2395725
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-41249
reference_id CVE-2025-41249
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-41249
9
reference_url https://spring.io/security/cve-2025-41249
reference_id CVE-2025-41249
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-16T19:29:22Z/
url https://spring.io/security/cve-2025-41249
10
reference_url https://github.com/advisories/GHSA-jmp9-x22r-554x
reference_id GHSA-jmp9-x22r-554x
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jmp9-x22r-554x
11
reference_url https://access.redhat.com/errata/RHSA-2025:18028
reference_id RHSA-2025:18028
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:18028
12
reference_url https://access.redhat.com/errata/RHSA-2025:22765
reference_id RHSA-2025:22765
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:22765
fixed_packages
0
url pkg:maven/org.springframework/spring-core@6.2.11
purl pkg:maven/org.springframework/spring-core@6.2.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@6.2.11
aliases CVE-2025-41249, GHSA-jmp9-x22r-554x
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k2en-h5n1-r7gr
Fixing_vulnerabilities
0
url VCID-s7s7-tzq3-m3bc
vulnerability_id VCID-s7s7-tzq3-m3bc
summary 
Spring Framework server Web DoS Vulnerability
In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.

Specifically, an application is vulnerable when all of the following are true:

  *  the application uses Spring MVC
  *  Spring Security 6.1.6+ or 6.2.1+ is on the classpath


Typically, Spring Boot applications need the org.springframework.boot:spring-boot-starter-web and org.springframework.boot:spring-boot-starter-security dependencies to meet all conditions.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22233.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22233.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-22233
reference_id
reference_type
scores
0
value 0.01539
scoring_system epss
scoring_elements 0.81398
published_at 2026-04-18T12:55:00Z
1
value 0.01539
scoring_system epss
scoring_elements 0.8136
published_at 2026-04-13T12:55:00Z
2
value 0.01539
scoring_system epss
scoring_elements 0.81368
published_at 2026-04-12T12:55:00Z
3
value 0.01539
scoring_system epss
scoring_elements 0.81383
published_at 2026-04-11T12:55:00Z
4
value 0.01539
scoring_system epss
scoring_elements 0.81362
published_at 2026-04-09T12:55:00Z
5
value 0.01539
scoring_system epss
scoring_elements 0.81329
published_at 2026-04-04T12:55:00Z
6
value 0.01539
scoring_system epss
scoring_elements 0.81307
published_at 2026-04-02T12:55:00Z
7
value 0.01539
scoring_system epss
scoring_elements 0.81357
published_at 2026-04-08T12:55:00Z
8
value 0.01539
scoring_system epss
scoring_elements 0.81328
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-22233
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-22233
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-22233
3
reference_url https://security.netapp.com/advisory/ntap-20240614-0005
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240614-0005
4
reference_url https://spring.io/security/cve-2024-22233
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://spring.io/security/cve-2024-22233
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2259703
reference_id 2259703
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2259703
6
reference_url https://spring.io/security/cve-2024-22233/
reference_id cve-2024-22233
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-22T18:41:14Z/
url https://spring.io/security/cve-2024-22233/
7
reference_url https://github.com/advisories/GHSA-r4q3-7g4q-x89m
reference_id GHSA-r4q3-7g4q-x89m
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r4q3-7g4q-x89m
8
reference_url https://security.netapp.com/advisory/ntap-20240614-0005/
reference_id ntap-20240614-0005
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-22T18:41:14Z/
url https://security.netapp.com/advisory/ntap-20240614-0005/
fixed_packages
0
url pkg:maven/org.springframework/spring-core@6.0.16
purl pkg:maven/org.springframework/spring-core@6.0.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-k2en-h5n1-r7gr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@6.0.16
1
url pkg:maven/org.springframework/spring-core@6.1.3
purl pkg:maven/org.springframework/spring-core@6.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-k2en-h5n1-r7gr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@6.1.3
aliases CVE-2024-22233, GHSA-r4q3-7g4q-x89m
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s7s7-tzq3-m3bc
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@6.1.3