Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.springframework/spring-core@6.0.8
Typemaven
Namespaceorg.springframework
Namespring-core
Version6.0.8
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.2.11
Latest_non_vulnerable_version6.2.11
Affected_by_vulnerabilities
0
url VCID-k2en-h5n1-r7gr
vulnerability_id VCID-k2en-h5n1-r7gr
summary 
Spring Framework annotation detection mechanism may result in improper authorization
The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions.

Your application may be affected by this if you are using Spring Security's @EnableMethodSecurity feature.

You are not affected by this if you are not using @EnableMethodSecurity or if you do not use security annotations on methods in generic superclasses or generic interfaces.

This CVE is published in conjunction with  CVE-2025-41248 https://spring.io/security/cve-2025-41248 .
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-41249.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-41249.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-41249
reference_id
reference_type
scores
0
value 0.00064
scoring_system epss
scoring_elements 0.20101
published_at 2026-04-11T12:55:00Z
1
value 0.00064
scoring_system epss
scoring_elements 0.20085
published_at 2026-04-09T12:55:00Z
2
value 0.00064
scoring_system epss
scoring_elements 0.20027
published_at 2026-04-08T12:55:00Z
3
value 0.00064
scoring_system epss
scoring_elements 0.19947
published_at 2026-04-07T12:55:00Z
4
value 0.00064
scoring_system epss
scoring_elements 0.20221
published_at 2026-04-04T12:55:00Z
5
value 0.00064
scoring_system epss
scoring_elements 0.20162
published_at 2026-04-02T12:55:00Z
6
value 0.00073
scoring_system epss
scoring_elements 0.22011
published_at 2026-04-21T12:55:00Z
7
value 0.00073
scoring_system epss
scoring_elements 0.22125
published_at 2026-04-12T12:55:00Z
8
value 0.00073
scoring_system epss
scoring_elements 0.22065
published_at 2026-04-13T12:55:00Z
9
value 0.00073
scoring_system epss
scoring_elements 0.22064
published_at 2026-04-16T12:55:00Z
10
value 0.00073
scoring_system epss
scoring_elements 0.22057
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-41249
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-41249
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-41249
3
reference_url https://github.com/spring-projects/spring-framework
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework
4
reference_url https://github.com/spring-projects/spring-framework/commit/6d710d482a6785b069e35022e81758953afc21ff
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/6d710d482a6785b069e35022e81758953afc21ff
5
reference_url https://github.com/spring-projects/spring-framework/issues/35342
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/issues/35342
6
reference_url https://github.com/spring-projects/spring-framework/releases/tag/v6.2.11
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/releases/tag/v6.2.11
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2395725
reference_id 2395725
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2395725
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-41249
reference_id CVE-2025-41249
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-41249
9
reference_url https://spring.io/security/cve-2025-41249
reference_id CVE-2025-41249
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-16T19:29:22Z/
url https://spring.io/security/cve-2025-41249
10
reference_url https://github.com/advisories/GHSA-jmp9-x22r-554x
reference_id GHSA-jmp9-x22r-554x
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jmp9-x22r-554x
11
reference_url https://access.redhat.com/errata/RHSA-2025:18028
reference_id RHSA-2025:18028
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:18028
12
reference_url https://access.redhat.com/errata/RHSA-2025:22765
reference_id RHSA-2025:22765
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:22765
fixed_packages
0
url pkg:maven/org.springframework/spring-core@6.2.11
purl pkg:maven/org.springframework/spring-core@6.2.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@6.2.11
aliases CVE-2025-41249, GHSA-jmp9-x22r-554x
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k2en-h5n1-r7gr
Fixing_vulnerabilities
0
url VCID-6ysx-5wcw-f7b5
vulnerability_id VCID-6ysx-5wcw-f7b5
summary 
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
In spring framework versions prior to 5.2.24 release+,5.3.27+ and 6.0.8+, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-20863.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-20863.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-20863
reference_id
reference_type
scores
0
value 0.00783
scoring_system epss
scoring_elements 0.73697
published_at 2026-04-02T12:55:00Z
1
value 0.00783
scoring_system epss
scoring_elements 0.73729
published_at 2026-04-08T12:55:00Z
2
value 0.00783
scoring_system epss
scoring_elements 0.73694
published_at 2026-04-07T12:55:00Z
3
value 0.00783
scoring_system epss
scoring_elements 0.73721
published_at 2026-04-04T12:55:00Z
4
value 0.00783
scoring_system epss
scoring_elements 0.73737
published_at 2026-04-13T12:55:00Z
5
value 0.00783
scoring_system epss
scoring_elements 0.73745
published_at 2026-04-12T12:55:00Z
6
value 0.00783
scoring_system epss
scoring_elements 0.73763
published_at 2026-04-11T12:55:00Z
7
value 0.00783
scoring_system epss
scoring_elements 0.73742
published_at 2026-04-09T12:55:00Z
8
value 0.00936
scoring_system epss
scoring_elements 0.76214
published_at 2026-04-18T12:55:00Z
9
value 0.00936
scoring_system epss
scoring_elements 0.7621
published_at 2026-04-16T12:55:00Z
10
value 0.00936
scoring_system epss
scoring_elements 0.76207
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-20863
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20863
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20863
3
reference_url https://github.com/spring-projects/spring-framework
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework
4
reference_url https://github.com/spring-projects/spring-framework/commit/965a6392757d20f9db19241126fcc719a51eac15
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/965a6392757d20f9db19241126fcc719a51eac15
5
reference_url https://github.com/spring-projects/spring-framework/commit/b73f5fcac22555f844cf27a7eeb876cb9d7f7f7e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/b73f5fcac22555f844cf27a7eeb876cb9d7f7f7e
6
reference_url https://github.com/spring-projects/spring-framework/commit/ebc82654282bda547fbc20a9749ab1bda886a46f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/ebc82654282bda547fbc20a9749ab1bda886a46f
7
reference_url https://security.netapp.com/advisory/ntap-20240524-0015
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240524-0015
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2187742
reference_id 2187742
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2187742
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-20863
reference_id CVE-2023-20863
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-20863
10
reference_url https://spring.io/security/cve-2023-20863
reference_id CVE-2023-20863
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T16:47:31Z/
url https://spring.io/security/cve-2023-20863
11
reference_url https://github.com/advisories/GHSA-wxqc-pxw9-g2p8
reference_id GHSA-wxqc-pxw9-g2p8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wxqc-pxw9-g2p8
12
reference_url https://security.netapp.com/advisory/ntap-20240524-0015/
reference_id ntap-20240524-0015
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T16:47:31Z/
url https://security.netapp.com/advisory/ntap-20240524-0015/
13
reference_url https://access.redhat.com/errata/RHSA-2023:2099
reference_id RHSA-2023:2099
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2099
14
reference_url https://access.redhat.com/errata/RHSA-2023:2100
reference_id RHSA-2023:2100
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2100
fixed_packages
0
url pkg:maven/org.springframework/spring-core@5.2.24.RELEASE
purl pkg:maven/org.springframework/spring-core@5.2.24.RELEASE
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.2.24.RELEASE
1
url pkg:maven/org.springframework/spring-core@5.3.27
purl pkg:maven/org.springframework/spring-core@5.3.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-k2en-h5n1-r7gr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.3.27
2
url pkg:maven/org.springframework/spring-core@6.0.8
purl pkg:maven/org.springframework/spring-core@6.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-k2en-h5n1-r7gr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@6.0.8
aliases CVE-2023-20863, GHSA-wxqc-pxw9-g2p8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6ysx-5wcw-f7b5
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@6.0.8