Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.springframework/spring-context@5.3.19

Type maven

Namespace org.springframework

Name spring-context

Version 5.3.19

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-ypb4-mywt-bfac

vulnerability_id VCID-ypb4-mywt-bfac

summary

Improper Handling of Case Sensitivity
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-22968

reference_id

reference_type

scores

value	0.20519
scoring_system	epss
scoring_elements	0.95662
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-22968

reference_url

https://github.com/spring-projects/spring-framework

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework

reference_url

https://github.com/spring-projects/spring-framework/commit/833e750175349ab4fd502109a8b41af77e25cdea

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/833e750175349ab4fd502109a8b41af77e25cdea

reference_url

https://github.com/spring-projects/spring-framework/commit/a7cf19cec5ebd270f97a194d749e2d5701ad2ab7

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/a7cf19cec5ebd270f97a194d749e2d5701ad2ab7

reference_url

https://security.netapp.com/advisory/ntap-20220602-0004

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220602-0004

reference_url	https://security.netapp.com/advisory/ntap-20220602-0004/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220602-0004/

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-22968

reference_id

CVE-2022-22968

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-22968

reference_url

https://tanzu.vmware.com/security/cve-2022-22968

reference_id

CVE-2022-22968

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://tanzu.vmware.com/security/cve-2022-22968

reference_url

https://github.com/advisories/GHSA-g5mm-vmx4-3rg7

reference_id

GHSA-g5mm-vmx4-3rg7

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-g5mm-vmx4-3rg7

fixed_packages

url	pkg:maven/org.springframework/spring-context@5.2.21.RELEASE
purl	pkg:maven/org.springframework/spring-context@5.2.21.RELEASE
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-context@5.2.21.RELEASE

url	pkg:maven/org.springframework/spring-context@5.2.21
purl	pkg:maven/org.springframework/spring-context@5.2.21
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-context@5.2.21

url	pkg:maven/org.springframework/spring-context@5.3.19
purl	pkg:maven/org.springframework/spring-context@5.3.19
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-context@5.3.19

aliases CVE-2022-22968, GHSA-g5mm-vmx4-3rg7

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ypb4-mywt-bfac

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-context@5.3.19

Package Instance