Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.springframework/spring-context@5.3.0
Typemaven
Namespaceorg.springframework
Namespring-context
Version5.3.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.2.21
Latest_non_vulnerable_version5.3.19
Affected_by_vulnerabilities
0
url VCID-ypb4-mywt-bfac
vulnerability_id VCID-ypb4-mywt-bfac
summary 
Improper Handling of Case Sensitivity
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-22968
reference_id
reference_type
scores
0
value 0.20519
scoring_system epss
scoring_elements 0.95662
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-22968
1
reference_url https://github.com/spring-projects/spring-framework/commit/833e750175349ab4fd502109a8b41af77e25cdea
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-framework/commit/833e750175349ab4fd502109a8b41af77e25cdea
2
reference_url https://github.com/spring-projects/spring-framework/commit/a7cf19cec5ebd270f97a194d749e2d5701ad2ab7
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-framework/commit/a7cf19cec5ebd270f97a194d749e2d5701ad2ab7
3
reference_url https://security.netapp.com/advisory/ntap-20220602-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220602-0004/
4
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpujul2022.html
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22968
reference_id CVE-2022-22968
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-22968
6
reference_url https://tanzu.vmware.com/security/cve-2022-22968
reference_id CVE-2022-22968
reference_type
scores
url https://tanzu.vmware.com/security/cve-2022-22968
7
reference_url https://github.com/advisories/GHSA-g5mm-vmx4-3rg7
reference_id GHSA-g5mm-vmx4-3rg7
reference_type
scores
url https://github.com/advisories/GHSA-g5mm-vmx4-3rg7
fixed_packages
0
url pkg:maven/org.springframework/spring-context@5.3.19
purl pkg:maven/org.springframework/spring-context@5.3.19
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-context@5.3.19
aliases CVE-2022-22968, GHSA-g5mm-vmx4-3rg7
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ypb4-mywt-bfac
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-context@5.3.0