Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.springframework.security/spring-security-core@3.0.0
Typemaven
Namespaceorg.springframework.security
Namespring-security-core
Version3.0.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.7.14
Latest_non_vulnerable_version6.5.4
Affected_by_vulnerabilities
0
url VCID-ev1k-za9z-87hq
vulnerability_id VCID-ev1k-za9z-87hq
summary 
Improper Control of Generation of Code ('Code Injection')
CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter.
references
0
reference_url http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2732.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2732.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-2732
reference_id
reference_type
scores
0
value 0.07155
scoring_system epss
scoring_elements 0.91582
published_at 2026-04-21T12:55:00Z
1
value 0.07155
scoring_system epss
scoring_elements 0.91561
published_at 2026-04-09T12:55:00Z
2
value 0.07155
scoring_system epss
scoring_elements 0.91565
published_at 2026-04-13T12:55:00Z
3
value 0.07155
scoring_system epss
scoring_elements 0.91567
published_at 2026-04-12T12:55:00Z
4
value 0.07155
scoring_system epss
scoring_elements 0.91587
published_at 2026-04-16T12:55:00Z
5
value 0.07155
scoring_system epss
scoring_elements 0.91583
published_at 2026-04-18T12:55:00Z
6
value 0.07155
scoring_system epss
scoring_elements 0.91521
published_at 2026-04-01T12:55:00Z
7
value 0.07155
scoring_system epss
scoring_elements 0.91528
published_at 2026-04-02T12:55:00Z
8
value 0.07155
scoring_system epss
scoring_elements 0.91534
published_at 2026-04-04T12:55:00Z
9
value 0.07155
scoring_system epss
scoring_elements 0.91542
published_at 2026-04-07T12:55:00Z
10
value 0.07155
scoring_system epss
scoring_elements 0.91555
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-2732
3
reference_url https://github.com/spring-projects/spring-security
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=737617
reference_id 737617
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=737617
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:2.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.0:*:*:*:*:*:*:*
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:2.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.1:*:*:*:*:*:*:*
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:2.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.2:*:*:*:*:*:*:*
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:2.0.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.3:*:*:*:*:*:*:*
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:2.0.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.4:*:*:*:*:*:*:*
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:2.0.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.5:*:*:*:*:*:*:*
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:3.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.0:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:3.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.1:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:3.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.2:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:3.0.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.3:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:3.0.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.4:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-2732
reference_id CVE-2011-2732
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:P/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-2732
18
reference_url http://support.springsource.com/security/cve-2011-2732
reference_id CVE-2011-2732
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://support.springsource.com/security/cve-2011-2732
19
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/36130.txt
reference_id CVE-2011-2732;OSVDB-75266
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/36130.txt
20
reference_url https://www.securityfocus.com/bid/49535/info
reference_id CVE-2011-2732;OSVDB-75266
reference_type exploit
scores
url https://www.securityfocus.com/bid/49535/info
21
reference_url https://github.com/advisories/GHSA-5xm9-rf63-wj7h
reference_id GHSA-5xm9-rf63-wj7h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5xm9-rf63-wj7h
fixed_packages
0
url pkg:maven/org.springframework.security/spring-security-core@3.0.6
purl pkg:maven/org.springframework.security/spring-security-core@3.0.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.6
1
url pkg:maven/org.springframework.security/spring-security-core@3.0.6.RELEASE
purl pkg:maven/org.springframework.security/spring-security-core@3.0.6.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8jtc-ehgu-x3c5
1
vulnerability VCID-cden-3spy-pyhz
2
vulnerability VCID-deuk-emca-3kgr
3
vulnerability VCID-dfs4-emmn-f3eb
4
vulnerability VCID-dwcq-d6nf-1ubn
5
vulnerability VCID-u6vb-w2bu-ykfk
6
vulnerability VCID-w4q4-38gp-m3d8
7
vulnerability VCID-yeaf-ta2h-p7c1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.6.RELEASE
aliases CVE-2011-2732, GHSA-5xm9-rf63-wj7h
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ev1k-za9z-87hq
1
url VCID-n8yr-3aex-kyah
vulnerability_id VCID-n8yr-3aex-kyah
summary 
Authentication Bypass Using an Alternate Path or Channel in SpringSource Spring Security and Acegi Security
VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter.
references
0
reference_url http://osvdb.org/68931
reference_id
reference_type
scores
url http://osvdb.org/68931
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2010-3700
reference_id
reference_type
scores
0
value 0.00248
scoring_system epss
scoring_elements 0.48062
published_at 2026-04-21T12:55:00Z
1
value 0.00248
scoring_system epss
scoring_elements 0.48047
published_at 2026-04-12T12:55:00Z
2
value 0.00248
scoring_system epss
scoring_elements 0.48071
published_at 2026-04-11T12:55:00Z
3
value 0.00248
scoring_system epss
scoring_elements 0.48059
published_at 2026-04-13T12:55:00Z
4
value 0.00248
scoring_system epss
scoring_elements 0.48111
published_at 2026-04-16T12:55:00Z
5
value 0.00248
scoring_system epss
scoring_elements 0.48106
published_at 2026-04-18T12:55:00Z
6
value 0.00248
scoring_system epss
scoring_elements 0.47991
published_at 2026-04-01T12:55:00Z
7
value 0.00248
scoring_system epss
scoring_elements 0.48029
published_at 2026-04-02T12:55:00Z
8
value 0.00248
scoring_system epss
scoring_elements 0.4805
published_at 2026-04-04T12:55:00Z
9
value 0.00248
scoring_system epss
scoring_elements 0.48
published_at 2026-04-07T12:55:00Z
10
value 0.00248
scoring_system epss
scoring_elements 0.48053
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2010-3700
2
reference_url http://secunia.com/advisories/42024
reference_id
reference_type
scores
url http://secunia.com/advisories/42024
3
reference_url https://issues.apache.org/bugzilla/show_bug.cgi?id=25015
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/bugzilla/show_bug.cgi?id=25015
4
reference_url https://web.archive.org/web/20110802082343/http://www.springsource.com/security/cve-2010-3700
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20110802082343/http://www.springsource.com/security/cve-2010-3700
5
reference_url http://www.securityfocus.com/archive/1/514517/100/0/threaded
reference_id
reference_type
scores
url http://www.securityfocus.com/archive/1/514517/100/0/threaded
6
reference_url http://www.securityfocus.com/bid/44496
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/44496
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:acegisecurity:acegi-security:1.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:acegisecurity:acegi-security:1.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:acegisecurity:acegi-security:1.0.0:*:*:*:*:*:*:*
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:acegisecurity:acegi-security:1.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:acegisecurity:acegi-security:1.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:acegisecurity:acegi-security:1.0.1:*:*:*:*:*:*:*
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:acegisecurity:acegi-security:1.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:acegisecurity:acegi-security:1.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:acegisecurity:acegi-security:1.0.2:*:*:*:*:*:*:*
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:acegisecurity:acegi-security:1.0.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:acegisecurity:acegi-security:1.0.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:acegisecurity:acegi-security:1.0.3:*:*:*:*:*:*:*
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:acegisecurity:acegi-security:1.0.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:acegisecurity:acegi-security:1.0.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:acegisecurity:acegi-security:1.0.4:*:*:*:*:*:*:*
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:acegisecurity:acegi-security:1.0.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:acegisecurity:acegi-security:1.0.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:acegisecurity:acegi-security:1.0.5:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:acegisecurity:acegi-security:1.0.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:acegisecurity:acegi-security:1.0.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:acegisecurity:acegi-security:1.0.6:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:acegisecurity:acegi-security:1.0.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:acegisecurity:acegi-security:1.0.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:acegisecurity:acegi-security:1.0.7:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:websphere_application_server:6.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:ibm:websphere_application_server:6.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:websphere_application_server:6.1:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:2.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.0:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:2.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.1:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:2.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.2:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:2.0.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.3:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:2.0.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.4:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:2.0.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.5:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:3.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.0:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:3.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.1:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:3.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.2:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:3.0.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.3:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/detail/CVE-2010-3700
reference_id CVE-2010-3700
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2010-3700
28
reference_url http://www.springsource.com/security/cve-2010-3700
reference_id CVE-2010-3700
reference_type
scores
url http://www.springsource.com/security/cve-2010-3700
29
reference_url https://github.com/advisories/GHSA-3295-h9qx-r82x
reference_id GHSA-3295-h9qx-r82x
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3295-h9qx-r82x
fixed_packages
0
url pkg:maven/org.springframework.security/spring-security-core@3.0.4
purl pkg:maven/org.springframework.security/spring-security-core@3.0.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.4
1
url pkg:maven/org.springframework.security/spring-security-core@3.0.4.RELEASE
purl pkg:maven/org.springframework.security/spring-security-core@3.0.4.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8jtc-ehgu-x3c5
1
vulnerability VCID-cden-3spy-pyhz
2
vulnerability VCID-deuk-emca-3kgr
3
vulnerability VCID-dfs4-emmn-f3eb
4
vulnerability VCID-dwcq-d6nf-1ubn
5
vulnerability VCID-ev1k-za9z-87hq
6
vulnerability VCID-nddv-1dfd-jfdd
7
vulnerability VCID-sy5j-6rkg-n3b7
8
vulnerability VCID-u6vb-w2bu-ykfk
9
vulnerability VCID-w4q4-38gp-m3d8
10
vulnerability VCID-yeaf-ta2h-p7c1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.4.RELEASE
aliases CVE-2010-3700, GHSA-3295-h9qx-r82x
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n8yr-3aex-kyah
2
url VCID-nddv-1dfd-jfdd
vulnerability_id VCID-nddv-1dfd-jfdd
summary 
Concurrent Execution using Shared Resource with Improper Synchronization in Spring Security
Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread.
references
0
reference_url http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2731.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2731.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-2731
reference_id
reference_type
scores
0
value 0.00227
scoring_system epss
scoring_elements 0.45465
published_at 2026-04-21T12:55:00Z
1
value 0.00227
scoring_system epss
scoring_elements 0.45496
published_at 2026-04-11T12:55:00Z
2
value 0.00227
scoring_system epss
scoring_elements 0.45466
published_at 2026-04-12T12:55:00Z
3
value 0.00227
scoring_system epss
scoring_elements 0.45468
published_at 2026-04-13T12:55:00Z
4
value 0.00227
scoring_system epss
scoring_elements 0.45518
published_at 2026-04-16T12:55:00Z
5
value 0.00227
scoring_system epss
scoring_elements 0.45515
published_at 2026-04-18T12:55:00Z
6
value 0.00227
scoring_system epss
scoring_elements 0.45381
published_at 2026-04-01T12:55:00Z
7
value 0.00227
scoring_system epss
scoring_elements 0.45455
published_at 2026-04-02T12:55:00Z
8
value 0.00227
scoring_system epss
scoring_elements 0.45476
published_at 2026-04-09T12:55:00Z
9
value 0.00227
scoring_system epss
scoring_elements 0.45421
published_at 2026-04-07T12:55:00Z
10
value 0.00227
scoring_system epss
scoring_elements 0.45475
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-2731
3
reference_url http://secunia.com/advisories/55155
reference_id
reference_type
scores
url http://secunia.com/advisories/55155
4
reference_url https://github.com/spring-projects/spring-security
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-2731
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:N/C:P/I:P/A:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-2731
6
reference_url http://support.springsource.com/security/cve-2011-2731
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://support.springsource.com/security/cve-2011-2731
7
reference_url http://www.securitytracker.com/id/1029151
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1029151
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=737613
reference_id 737613
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=737613
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:2.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.0:*:*:*:*:*:*:*
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:2.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.1:*:*:*:*:*:*:*
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:2.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.2:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:2.0.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.3:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:2.0.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.4:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:2.0.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.5:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:3.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.0:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:3.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.1:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:3.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.2:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:3.0.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.3:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:3.0.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.4:*:*:*:*:*:*:*
21
reference_url https://github.com/advisories/GHSA-4644-hg35-55m9
reference_id GHSA-4644-hg35-55m9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4644-hg35-55m9
fixed_packages
0
url pkg:maven/org.springframework.security/spring-security-core@3.0.6
purl pkg:maven/org.springframework.security/spring-security-core@3.0.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.6
1
url pkg:maven/org.springframework.security/spring-security-core@3.0.6.RELEASE
purl pkg:maven/org.springframework.security/spring-security-core@3.0.6.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8jtc-ehgu-x3c5
1
vulnerability VCID-cden-3spy-pyhz
2
vulnerability VCID-deuk-emca-3kgr
3
vulnerability VCID-dfs4-emmn-f3eb
4
vulnerability VCID-dwcq-d6nf-1ubn
5
vulnerability VCID-u6vb-w2bu-ykfk
6
vulnerability VCID-w4q4-38gp-m3d8
7
vulnerability VCID-yeaf-ta2h-p7c1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.6.RELEASE
aliases CVE-2011-2731, GHSA-4644-hg35-55m9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nddv-1dfd-jfdd
3
url VCID-sy5j-6rkg-n3b7
vulnerability_id VCID-sy5j-6rkg-n3b7
summary 
Deserialization of Untrusted Data
Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class.
references
0
reference_url http://osvdb.org/75263
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://osvdb.org/75263
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2894.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2894.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-2894
reference_id
reference_type
scores
0
value 0.02109
scoring_system epss
scoring_elements 0.8413
published_at 2026-04-21T12:55:00Z
1
value 0.02109
scoring_system epss
scoring_elements 0.84036
published_at 2026-04-01T12:55:00Z
2
value 0.02109
scoring_system epss
scoring_elements 0.84049
published_at 2026-04-02T12:55:00Z
3
value 0.02109
scoring_system epss
scoring_elements 0.84065
published_at 2026-04-04T12:55:00Z
4
value 0.02109
scoring_system epss
scoring_elements 0.84067
published_at 2026-04-07T12:55:00Z
5
value 0.02109
scoring_system epss
scoring_elements 0.8409
published_at 2026-04-08T12:55:00Z
6
value 0.02109
scoring_system epss
scoring_elements 0.84097
published_at 2026-04-09T12:55:00Z
7
value 0.02109
scoring_system epss
scoring_elements 0.84114
published_at 2026-04-11T12:55:00Z
8
value 0.02109
scoring_system epss
scoring_elements 0.84108
published_at 2026-04-12T12:55:00Z
9
value 0.02109
scoring_system epss
scoring_elements 0.84104
published_at 2026-04-13T12:55:00Z
10
value 0.02109
scoring_system epss
scoring_elements 0.84126
published_at 2026-04-16T12:55:00Z
11
value 0.02109
scoring_system epss
scoring_elements 0.84128
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-2894
3
reference_url http://securityreason.com/securityalert/8405
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://securityreason.com/securityalert/8405
4
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/69687
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/69687
5
reference_url https://github.com/spring-projects/spring-framework
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework
6
reference_url https://github.com/spring-projects/spring-framework/commit/070a723ef2c886770a063eb9a67f84f74e06edfb
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/070a723ef2c886770a063eb9a67f84f74e06edfb
7
reference_url http://www.redhat.com/support/errata/RHSA-2011-1334.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2011-1334.html
8
reference_url http://www.securityfocus.com/archive/1/519593/100/0/threaded
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/archive/1/519593/100/0/threaded
9
reference_url http://www.securityfocus.com/bid/49536
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/49536
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=737611
reference_id 737611
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=737611
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-2894
reference_id CVE-2011-2894
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-2894
12
reference_url https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894
reference_id CVE-2011-2894
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894
13
reference_url http://www.springsource.com/security/cve-2011-2894
reference_id CVE-2011-2894
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.springsource.com/security/cve-2011-2894
14
reference_url https://github.com/advisories/GHSA-f866-m9mv-2xr3
reference_id GHSA-f866-m9mv-2xr3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f866-m9mv-2xr3
15
reference_url https://access.redhat.com/errata/RHSA-2011:1334
reference_id RHSA-2011:1334
reference_type
scores
url https://access.redhat.com/errata/RHSA-2011:1334
fixed_packages
0
url pkg:maven/org.springframework.security/spring-security-core@3.0.6
purl pkg:maven/org.springframework.security/spring-security-core@3.0.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.6
1
url pkg:maven/org.springframework.security/spring-security-core@3.0.6.RELEASE
purl pkg:maven/org.springframework.security/spring-security-core@3.0.6.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8jtc-ehgu-x3c5
1
vulnerability VCID-cden-3spy-pyhz
2
vulnerability VCID-deuk-emca-3kgr
3
vulnerability VCID-dfs4-emmn-f3eb
4
vulnerability VCID-dwcq-d6nf-1ubn
5
vulnerability VCID-u6vb-w2bu-ykfk
6
vulnerability VCID-w4q4-38gp-m3d8
7
vulnerability VCID-yeaf-ta2h-p7c1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.6.RELEASE
aliases CVE-2011-2894, GHSA-f866-m9mv-2xr3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sy5j-6rkg-n3b7
4
url VCID-w4q4-38gp-m3d8
vulnerability_id VCID-w4q4-38gp-m3d8
summary 
Exposure of Sensitive Information to an Unauthorized Actor
This package does not check the password if the user is not found, which makes the response delay shorter and might allow remote attackers to enumerate valid usernames via a series of login requests.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5055.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5055.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-5055
reference_id
reference_type
scores
0
value 0.00359
scoring_system epss
scoring_elements 0.58097
published_at 2026-04-21T12:55:00Z
1
value 0.00359
scoring_system epss
scoring_elements 0.58111
published_at 2026-04-12T12:55:00Z
2
value 0.00359
scoring_system epss
scoring_elements 0.5809
published_at 2026-04-13T12:55:00Z
3
value 0.00359
scoring_system epss
scoring_elements 0.58121
published_at 2026-04-16T12:55:00Z
4
value 0.00359
scoring_system epss
scoring_elements 0.58122
published_at 2026-04-18T12:55:00Z
5
value 0.00359
scoring_system epss
scoring_elements 0.57979
published_at 2026-04-01T12:55:00Z
6
value 0.00359
scoring_system epss
scoring_elements 0.58063
published_at 2026-04-02T12:55:00Z
7
value 0.00359
scoring_system epss
scoring_elements 0.58085
published_at 2026-04-04T12:55:00Z
8
value 0.00359
scoring_system epss
scoring_elements 0.58059
published_at 2026-04-07T12:55:00Z
9
value 0.00359
scoring_system epss
scoring_elements 0.58114
published_at 2026-04-08T12:55:00Z
10
value 0.00359
scoring_system epss
scoring_elements 0.58118
published_at 2026-04-09T12:55:00Z
11
value 0.00359
scoring_system epss
scoring_elements 0.58134
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-5055
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-5055
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-5055
3
reference_url http://support.springsource.com/security/CVE-2012-5055
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://support.springsource.com/security/CVE-2012-5055
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=886031
reference_id 886031
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=886031
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:2.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.0:*:*:*:*:*:*:*
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:2.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.1:*:*:*:*:*:*:*
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:2.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.2:*:*:*:*:*:*:*
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:2.0.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.3:*:*:*:*:*:*:*
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:2.0.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.4:*:*:*:*:*:*:*
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:2.0.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.5:*:*:*:*:*:*:*
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:3.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.0:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:3.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.1:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:3.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.2:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:3.0.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.3:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:3.0.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.4:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:3.0.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.5:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:3.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.1.1:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:springsource_spring_security:3.1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.1.2:*:*:*:*:*:*:*
20
reference_url http://support.springsource.com/security/cve-2012-5055
reference_id CVE-2012-5055
reference_type
scores
url http://support.springsource.com/security/cve-2012-5055
21
reference_url https://github.com/advisories/GHSA-3533-rvpc-6x56
reference_id GHSA-3533-rvpc-6x56
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3533-rvpc-6x56
22
reference_url https://access.redhat.com/errata/RHSA-2013:0649
reference_id RHSA-2013:0649
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0649
fixed_packages
0
url pkg:maven/org.springframework.security/spring-security-core@3.0.8
purl pkg:maven/org.springframework.security/spring-security-core@3.0.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.8
1
url pkg:maven/org.springframework.security/spring-security-core@3.0.8.RELEASE
purl pkg:maven/org.springframework.security/spring-security-core@3.0.8.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8jtc-ehgu-x3c5
1
vulnerability VCID-cden-3spy-pyhz
2
vulnerability VCID-deuk-emca-3kgr
3
vulnerability VCID-dfs4-emmn-f3eb
4
vulnerability VCID-dwcq-d6nf-1ubn
5
vulnerability VCID-u6vb-w2bu-ykfk
6
vulnerability VCID-yeaf-ta2h-p7c1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.8.RELEASE
2
url pkg:maven/org.springframework.security/spring-security-core@3.1.3
purl pkg:maven/org.springframework.security/spring-security-core@3.1.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.1.3
3
url pkg:maven/org.springframework.security/spring-security-core@3.1.3.RELEASE
purl pkg:maven/org.springframework.security/spring-security-core@3.1.3.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8jtc-ehgu-x3c5
1
vulnerability VCID-cden-3spy-pyhz
2
vulnerability VCID-deuk-emca-3kgr
3
vulnerability VCID-dfs4-emmn-f3eb
4
vulnerability VCID-dwcq-d6nf-1ubn
5
vulnerability VCID-u6vb-w2bu-ykfk
6
vulnerability VCID-yeaf-ta2h-p7c1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.1.3.RELEASE
aliases CVE-2012-5055, GHSA-3533-rvpc-6x56
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w4q4-38gp-m3d8
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.0