Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.springframework/spring-core@3.0.0

Type maven

Namespace org.springframework

Name spring-core

Version 3.0.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 5.2.24.RELEASE

Latest_non_vulnerable_version 6.2.11

Affected_by_vulnerabilities

url VCID-53gt-nbgk-hyc2

vulnerability_id VCID-53gt-nbgk-hyc2

summary Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.

references

reference_url	http://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000054.html
reference_id
reference_type
scores
url	http://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000054.html

reference_url

http://jvndb.jvn.jp/jvndb/JVNDB-2014-000054

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://jvndb.jvn.jp/jvndb/JVNDB-2014-000054

reference_url

http://jvn.jp/en/jp/JVN49154900/index.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://jvn.jp/en/jp/JVN49154900/index.html

reference_url

http://rhn.redhat.com/errata/RHSA-2015-0720.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2015-0720.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3578.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3578.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3578

reference_id

reference_type

scores

value	0.04358
scoring_system	epss
scoring_elements	0.88961
published_at	2026-04-21T12:55:00Z

value	0.04358
scoring_system	epss
scoring_elements	0.88899
published_at	2026-04-01T12:55:00Z

value	0.04358
scoring_system	epss
scoring_elements	0.88907
published_at	2026-04-02T12:55:00Z

value	0.04358
scoring_system	epss
scoring_elements	0.88923
published_at	2026-04-04T12:55:00Z

value	0.04358
scoring_system	epss
scoring_elements	0.88925
published_at	2026-04-07T12:55:00Z

value	0.04358
scoring_system	epss
scoring_elements	0.88944
published_at	2026-04-08T12:55:00Z

value	0.04358
scoring_system	epss
scoring_elements	0.88949
published_at	2026-04-09T12:55:00Z

value	0.04358
scoring_system	epss
scoring_elements	0.8896
published_at	2026-04-11T12:55:00Z

value	0.04358
scoring_system	epss
scoring_elements	0.88954
published_at	2026-04-12T12:55:00Z

value	0.04358
scoring_system	epss
scoring_elements	0.88953
published_at	2026-04-13T12:55:00Z

value	0.04358
scoring_system	epss
scoring_elements	0.88966
published_at	2026-04-16T12:55:00Z

value	0.04358
scoring_system	epss
scoring_elements	0.88964
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3578

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1131882

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1131882

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3578
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3578

reference_url

https://github.com/spring-projects/spring-framework

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework

reference_url

https://github.com/spring-projects/spring-framework/commit/748167bfa33c3c69db2d8dbdc3a0e9da692da3a0

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/748167bfa33c3c69db2d8dbdc3a0e9da692da3a0

reference_url	https://github.com/spring-projects/spring-framework/commit/8e096aeef55287dc829484996c9330cf755891a1
reference_id
reference_type
scores
url	https://github.com/spring-projects/spring-framework/commit/8e096aeef55287dc829484996c9330cf755891a1

reference_url

https://github.com/spring-projects/spring-framework/commit/8ee465103850a3dca018273fe5952e40d5c45a66

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/8ee465103850a3dca018273fe5952e40d5c45a66

reference_url	https://github.com/spring-projects/spring-framework/commit/c6503ebbf7c9e21ff022c58706dbac5417b2b5eb
reference_id
reference_type
scores
url	https://github.com/spring-projects/spring-framework/commit/c6503ebbf7c9e21ff022c58706dbac5417b2b5eb

reference_url

https://github.com/spring-projects/spring-framework/commit/f6fddeb6eb7da625fd711ab371ff16512f431e8d

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/f6fddeb6eb7da625fd711ab371ff16512f431e8d

reference_url

https://github.com/spring-projects/spring-framework/issues/16414

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/issues/16414

reference_url	https://jira.spring.io/browse/SPR-12354
reference_id
reference_type
scores
url	https://jira.spring.io/browse/SPR-12354

reference_url

https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html

reference_url

https://rhn.redhat.com/errata/RHSA-2015-0234.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://rhn.redhat.com/errata/RHSA-2015-0234.html

reference_url

https://rhn.redhat.com/errata/RHSA-2015-0235.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://rhn.redhat.com/errata/RHSA-2015-0235.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760733
reference_id	760733
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760733

reference_url

http://pivotal.io/security/cve-2014-3578

reference_id

CVE-2014-3578

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://pivotal.io/security/cve-2014-3578

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-3578

reference_id

CVE-2014-3578

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-3578

reference_url	http://www.pivotal.io/security/cve-2014-3578
reference_id	CVE-2014-3578
reference_type
scores
url	http://www.pivotal.io/security/cve-2014-3578

reference_url

https://github.com/advisories/GHSA-rhcg-rwhx-qj3j

reference_id

GHSA-rhcg-rwhx-qj3j

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rhcg-rwhx-qj3j

reference_url	https://access.redhat.com/errata/RHSA-2015:0234
reference_id	RHSA-2015:0234
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0234

reference_url	https://access.redhat.com/errata/RHSA-2015:0235
reference_id	RHSA-2015:0235
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0235

reference_url	https://access.redhat.com/errata/RHSA-2015:0675
reference_id	RHSA-2015:0675
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0675

reference_url	https://access.redhat.com/errata/RHSA-2015:0720
reference_id	RHSA-2015:0720
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0720

reference_url	https://usn.ubuntu.com/USN-4774-1/
reference_id	USN-USN-4774-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4774-1/

fixed_packages

url	pkg:maven/org.springframework/spring-core@3.2.9
purl	pkg:maven/org.springframework/spring-core@3.2.9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@3.2.9

url pkg:maven/org.springframework/spring-core@3.2.9.RELEASE

purl pkg:maven/org.springframework/spring-core@3.2.9.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2nff-p7we-tuax

vulnerability	VCID-3rev-eg6f-tkb7

vulnerability	VCID-6ysx-5wcw-f7b5

vulnerability	VCID-c74k-e1me-pfb2

vulnerability	VCID-cyjt-4vjn-mbc7

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-j3wr-npbv-8qcw

vulnerability	VCID-k17s-ttg2-ubgj

vulnerability	VCID-pb7f-yasx-17ag

vulnerability	VCID-w6br-v2gm-j7gr

vulnerability	VCID-y3uz-etva-sufh

vulnerability	VCID-z3th-j593-m7bg

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@3.2.9.RELEASE

url	pkg:maven/org.springframework/spring-core@4.0.5
purl	pkg:maven/org.springframework/spring-core@4.0.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.0.5

url pkg:maven/org.springframework/spring-core@4.0.5.RELEASE

purl pkg:maven/org.springframework/spring-core@4.0.5.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2nff-p7we-tuax

vulnerability	VCID-3rev-eg6f-tkb7

vulnerability	VCID-6ysx-5wcw-f7b5

vulnerability	VCID-c74k-e1me-pfb2

vulnerability	VCID-cyjt-4vjn-mbc7

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-k17s-ttg2-ubgj

vulnerability	VCID-pb7f-yasx-17ag

vulnerability	VCID-w6br-v2gm-j7gr

vulnerability	VCID-y3uz-etva-sufh

vulnerability	VCID-z3th-j593-m7bg

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.0.5.RELEASE

aliases CVE-2014-3578, GHSA-rhcg-rwhx-qj3j

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-53gt-nbgk-hyc2

url VCID-h4ys-unzb-cbhn

vulnerability_id VCID-h4ys-unzb-cbhn

summary VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection."

references

reference_url

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0191.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0191.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0192.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0192.html

reference_url	http://rhn.redhat.com/errata/RHSA-2013-0193.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2013-0193.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0194.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0194.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0195.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0195.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0196.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0196.html

reference_url	http://rhn.redhat.com/errata/RHSA-2013-0197.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2013-0197.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0198.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0198.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0221.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0221.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0533.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0533.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2730.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2730.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-2730

reference_id

reference_type

scores

value	0.46306
scoring_system	epss
scoring_elements	0.97659
published_at	2026-04-21T12:55:00Z

value	0.46306
scoring_system	epss
scoring_elements	0.97656
published_at	2026-04-16T12:55:00Z

value	0.46772
scoring_system	epss
scoring_elements	0.97665
published_at	2026-04-12T12:55:00Z

value	0.46772
scoring_system	epss
scoring_elements	0.97663
published_at	2026-04-11T12:55:00Z

value	0.46772
scoring_system	epss
scoring_elements	0.97666
published_at	2026-04-13T12:55:00Z

value	0.47103
scoring_system	epss
scoring_elements	0.97669
published_at	2026-04-07T12:55:00Z

value	0.47103
scoring_system	epss
scoring_elements	0.97668
published_at	2026-04-04T12:55:00Z

value	0.47103
scoring_system	epss
scoring_elements	0.97676
published_at	2026-04-09T12:55:00Z

value	0.47103
scoring_system	epss
scoring_elements	0.97661
published_at	2026-04-01T12:55:00Z

value	0.47103
scoring_system	epss
scoring_elements	0.97673
published_at	2026-04-08T12:55:00Z

value	0.47103
scoring_system	epss
scoring_elements	0.97667
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-2730

reference_url

https://docs.google.com/document/d/1dc1xxO8UMFaGLOwgkykYdghGWm_2Gn0iCrxFsympqcE/edit

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://docs.google.com/document/d/1dc1xxO8UMFaGLOwgkykYdghGWm_2Gn0iCrxFsympqcE/edit

reference_url	http://secunia.com/advisories/51984
reference_id
reference_type
scores
url	http://secunia.com/advisories/51984

reference_url	http://secunia.com/advisories/52054
reference_id
reference_type
scores
url	http://secunia.com/advisories/52054

reference_url	http://secunia.com/advisories/55155
reference_id
reference_type
scores
url	http://secunia.com/advisories/55155

reference_url

https://github.com/spring-projects/spring-framework

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework

reference_url

https://github.com/spring-projects/spring-framework/commit/62ccc8dd7e645fb91705d44919abac838cb5ca3f

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/62ccc8dd7e645fb91705d44919abac838cb5ca3f

reference_url

https://github.com/spring-projects/spring-framework/commit/9772eb8410e37cd0bdec0d1b133218446c778beb

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/9772eb8410e37cd0bdec0d1b133218446c778beb

reference_url

https://github.com/spring-projects/spring-framework/commit/b8d86330d1fadc645630416c3aaebf131bf749fc

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/b8d86330d1fadc645630416c3aaebf131bf749fc

reference_url	https://github.com/spring-projects/spring-framework/commit/c8649087792d07df209fc75e0f9e2e3284e09fe
reference_id
reference_type
scores
url	https://github.com/spring-projects/spring-framework/commit/c8649087792d07df209fc75e0f9e2e3284e09fe

reference_url	https://github.com/spring-projects/spring-framework/commit/d95cbe23ee462245c5c2482e175f7b2a921b31c
reference_id
reference_type
scores
url	https://github.com/spring-projects/spring-framework/commit/d95cbe23ee462245c5c2482e175f7b2a921b31c

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-2730

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-2730

reference_url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2730
reference_id
reference_type
scores
url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2730

reference_url

http://www.debian.org/security/2012/dsa-2504

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2012/dsa-2504

reference_url

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

reference_url	http://www.securitytracker.com/id/1029151
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1029151

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=737608
reference_id	737608
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=737608

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:springsource:spring_framework::::::::
reference_id	cpe:2.3:a:springsource:spring_framework::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:springsource:spring_framework::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:springsource:spring_framework:2.5.0:::::::*
reference_id	cpe:2.3:a:springsource:spring_framework:2.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:springsource:spring_framework:2.5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:springsource:spring_framework:2.5.0:rc1::::::
reference_id	cpe:2.3:a:springsource:spring_framework:2.5.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:springsource:spring_framework:2.5.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:springsource:spring_framework:2.5.0:rc2::::::
reference_id	cpe:2.3:a:springsource:spring_framework:2.5.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:springsource:spring_framework:2.5.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:springsource:spring_framework:2.5.1:::::::*
reference_id	cpe:2.3:a:springsource:spring_framework:2.5.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:springsource:spring_framework:2.5.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:springsource:spring_framework:2.5.2:::::::*
reference_id	cpe:2.3:a:springsource:spring_framework:2.5.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:springsource:spring_framework:2.5.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:springsource:spring_framework:2.5.3:::::::*
reference_id	cpe:2.3:a:springsource:spring_framework:2.5.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:springsource:spring_framework:2.5.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:springsource:spring_framework:2.5.4:::::::*
reference_id	cpe:2.3:a:springsource:spring_framework:2.5.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:springsource:spring_framework:2.5.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:springsource:spring_framework:2.5.5:::::::*
reference_id	cpe:2.3:a:springsource:spring_framework:2.5.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:springsource:spring_framework:2.5.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:springsource:spring_framework:2.5.6:::::::*
reference_id	cpe:2.3:a:springsource:spring_framework:2.5.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:springsource:spring_framework:2.5.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:springsource:spring_framework:2.5.7:::::::*
reference_id	cpe:2.3:a:springsource:spring_framework:2.5.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:springsource:spring_framework:2.5.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:springsource:spring_framework:3.0.0:::::::*
reference_id	cpe:2.3:a:springsource:spring_framework:3.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:springsource:spring_framework:3.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:springsource:spring_framework:3.0.1:::::::*
reference_id	cpe:2.3:a:springsource:spring_framework:3.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:springsource:spring_framework:3.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:springsource:spring_framework:3.0.2:::::::*
reference_id	cpe:2.3:a:springsource:spring_framework:3.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:springsource:spring_framework:3.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:springsource:spring_framework:3.0.3:::::::*
reference_id	cpe:2.3:a:springsource:spring_framework:3.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:springsource:spring_framework:3.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:springsource:spring_framework:3.0.4:::::::*
reference_id	cpe:2.3:a:springsource:spring_framework:3.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:springsource:spring_framework:3.0.4:::::::*

reference_url	http://support.springsource.com/security/cve-2011-2730
reference_id	CVE-2011-2730
reference_type
scores
url	http://support.springsource.com/security/cve-2011-2730

reference_url

https://github.com/advisories/GHSA-wv88-pf73-x22p

reference_id

GHSA-wv88-pf73-x22p

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wv88-pf73-x22p

fixed_packages

url	pkg:maven/org.springframework/spring-core@3.0.6
purl	pkg:maven/org.springframework/spring-core@3.0.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@3.0.6

url pkg:maven/org.springframework/spring-core@3.0.6.RELEASE

purl pkg:maven/org.springframework/spring-core@3.0.6.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2nff-p7we-tuax

vulnerability	VCID-3rev-eg6f-tkb7

vulnerability	VCID-53gt-nbgk-hyc2

vulnerability	VCID-6ysx-5wcw-f7b5

vulnerability	VCID-c74k-e1me-pfb2

vulnerability	VCID-cyjt-4vjn-mbc7

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-j3wr-npbv-8qcw

vulnerability	VCID-k17s-ttg2-ubgj

vulnerability	VCID-pb7f-yasx-17ag

vulnerability	VCID-w6br-v2gm-j7gr

vulnerability	VCID-y3uz-etva-sufh

vulnerability	VCID-z3th-j593-m7bg

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@3.0.6.RELEASE

aliases CVE-2011-2730, GHSA-wv88-pf73-x22p

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h4ys-unzb-cbhn

url VCID-sy5j-6rkg-n3b7

vulnerability_id VCID-sy5j-6rkg-n3b7

summary

Deserialization of Untrusted Data
Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class.

references

reference_url

http://osvdb.org/75263

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://osvdb.org/75263

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2894.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2894.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-2894

reference_id

reference_type

scores

value	0.02109
scoring_system	epss
scoring_elements	0.8413
published_at	2026-04-21T12:55:00Z

value	0.02109
scoring_system	epss
scoring_elements	0.84036
published_at	2026-04-01T12:55:00Z

value	0.02109
scoring_system	epss
scoring_elements	0.84049
published_at	2026-04-02T12:55:00Z

value	0.02109
scoring_system	epss
scoring_elements	0.84065
published_at	2026-04-04T12:55:00Z

value	0.02109
scoring_system	epss
scoring_elements	0.84067
published_at	2026-04-07T12:55:00Z

value	0.02109
scoring_system	epss
scoring_elements	0.8409
published_at	2026-04-08T12:55:00Z

value	0.02109
scoring_system	epss
scoring_elements	0.84097
published_at	2026-04-09T12:55:00Z

value	0.02109
scoring_system	epss
scoring_elements	0.84114
published_at	2026-04-11T12:55:00Z

value	0.02109
scoring_system	epss
scoring_elements	0.84108
published_at	2026-04-12T12:55:00Z

value	0.02109
scoring_system	epss
scoring_elements	0.84104
published_at	2026-04-13T12:55:00Z

value	0.02109
scoring_system	epss
scoring_elements	0.84126
published_at	2026-04-16T12:55:00Z

value	0.02109
scoring_system	epss
scoring_elements	0.84128
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-2894

reference_url

http://securityreason.com/securityalert/8405

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://securityreason.com/securityalert/8405

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/69687

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/69687

reference_url

https://github.com/spring-projects/spring-framework

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework

reference_url

https://github.com/spring-projects/spring-framework/commit/070a723ef2c886770a063eb9a67f84f74e06edfb

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/070a723ef2c886770a063eb9a67f84f74e06edfb

reference_url

http://www.redhat.com/support/errata/RHSA-2011-1334.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.redhat.com/support/errata/RHSA-2011-1334.html

reference_url

http://www.securityfocus.com/archive/1/519593/100/0/threaded

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/archive/1/519593/100/0/threaded

reference_url

http://www.securityfocus.com/bid/49536

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/49536

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=737611
reference_id	737611
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=737611

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-2894

reference_id

CVE-2011-2894

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-2894

reference_url

https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894

reference_id

CVE-2011-2894

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894

reference_url

http://www.springsource.com/security/cve-2011-2894

reference_id

CVE-2011-2894

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.springsource.com/security/cve-2011-2894

reference_url

https://github.com/advisories/GHSA-f866-m9mv-2xr3

reference_id

GHSA-f866-m9mv-2xr3

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-f866-m9mv-2xr3

reference_url	https://access.redhat.com/errata/RHSA-2011:1334
reference_id	RHSA-2011:1334
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2011:1334

fixed_packages

url	pkg:maven/org.springframework/spring-core@3.0.6
purl	pkg:maven/org.springframework/spring-core@3.0.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@3.0.6

url pkg:maven/org.springframework/spring-core@3.0.6.RELEASE

purl pkg:maven/org.springframework/spring-core@3.0.6.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2nff-p7we-tuax

vulnerability	VCID-3rev-eg6f-tkb7

vulnerability	VCID-53gt-nbgk-hyc2

vulnerability	VCID-6ysx-5wcw-f7b5

vulnerability	VCID-c74k-e1me-pfb2

vulnerability	VCID-cyjt-4vjn-mbc7

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-j3wr-npbv-8qcw

vulnerability	VCID-k17s-ttg2-ubgj

vulnerability	VCID-pb7f-yasx-17ag

vulnerability	VCID-w6br-v2gm-j7gr

vulnerability	VCID-y3uz-etva-sufh

vulnerability	VCID-z3th-j593-m7bg

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@3.0.6.RELEASE

aliases CVE-2011-2894, GHSA-f866-m9mv-2xr3

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sy5j-6rkg-n3b7

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@3.0.0

Package Instance