Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/63114?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/63114?format=api", "purl": "pkg:maven/org.springframework.security/spring-security-core@2.0.0", "type": "maven", "namespace": "org.springframework.security", "name": "spring-security-core", "version": "2.0.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.0.6", "latest_non_vulnerable_version": "7.0.5", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38628?format=api", "vulnerability_id": "VCID-28ru-qm8a-skg3", "summary": "Access control bypass via untrusted infomation usage in proxy ticket authentication\nWhen using the CAS Proxy ticket authentication a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated. This is due to the fact that the proxy ticket authentication uses the information from the HttpServletRequest which is populated based upon untrusted information within the HTTP request. This means if there are access control restrictions on which CAS services can authenticate to one another, those restrictions can be bypassed. If users are not using CAS Proxy tickets and not basing access control decisions based upon the CAS Service, then there is no impact to users.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3527.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3527.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3527", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.5834", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3527" }, { "reference_url": "https://github.com/spring-projects/spring-security", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/spring-projects/spring-security" }, { "reference_url": "https://github.com/spring-projects/spring-security/commit/2cb99f079152ac05cee5c90457c7feb3bb2de55", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/spring-projects/spring-security/commit/2cb99f079152ac05cee5c90457c7feb3bb2de55" }, { "reference_url": "https://github.com/spring-projects/spring-security/commit/934937d9c1dc20c396b96c08310b72cfa627acb", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/spring-projects/spring-security/commit/934937d9c1dc20c396b96c08310b72cfa627acb" }, { "reference_url": "https://github.com/spring-projects/spring-security/issues/2907", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/spring-projects/spring-security/issues/2907" }, { "reference_url": "https://jira.spring.io/browse/SEC-2688", "reference_id": "", "reference_type": "", "scores": [], "url": "https://jira.spring.io/browse/SEC-2688" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1131359", "reference_id": "1131359", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1131359" }, { "reference_url": "https://bugzilla.redhat.com/CVE-2014-3527", "reference_id": "CVE-2014-3527", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/CVE-2014-3527" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3527", "reference_id": "CVE-2014-3527", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3527" }, { "reference_url": "https://pivotal.io/security/cve-2014-3527", "reference_id": "CVE-2014-3527", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pivotal.io/security/cve-2014-3527" }, { "reference_url": "http://www.gopivotal.com/security/cve-2014-3527", "reference_id": "CVE-2014-3527", "reference_type": "", "scores": [], "url": "http://www.gopivotal.com/security/cve-2014-3527" }, { "reference_url": "https://spring.io/blog/2014/08/15/cve-2014-3527-fixed-in-spring-security-3-2-5-and-3-1-7", "reference_id": "CVE-2014-3527-FIXED-IN-SPRING-SECURITY-3-2-5-AND-3-1-7", "reference_type": "", "scores": [], "url": "https://spring.io/blog/2014/08/15/cve-2014-3527-fixed-in-spring-security-3-2-5-and-3-1-7" }, { "reference_url": "https://github.com/advisories/GHSA-wmv4-5w76-vp9g", "reference_id": "GHSA-wmv4-5w76-vp9g", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wmv4-5w76-vp9g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/78683?format=api", "purl": "pkg:maven/org.springframework.security/spring-security-core@3.1.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.1.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/181309?format=api", "purl": "pkg:maven/org.springframework.security/spring-security-core@3.1.7.RELEASE", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46dm-5t83-tyh6" }, { "vulnerability": "VCID-aygn-9njz-ybfh" }, { "vulnerability": "VCID-vh4r-sk3t-eqe3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.1.7.RELEASE" }, { "url": "http://public2.vulnerablecode.io/api/packages/78684?format=api", "purl": "pkg:maven/org.springframework.security/spring-security-core@3.2.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/181314?format=api", "purl": "pkg:maven/org.springframework.security/spring-security-core@3.2.5.RELEASE", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-46dm-5t83-tyh6" }, { "vulnerability": "VCID-aygn-9njz-ybfh" }, { "vulnerability": "VCID-vh4r-sk3t-eqe3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.2.5.RELEASE" } ], "aliases": [ "CVE-2014-3527", "GHSA-wmv4-5w76-vp9g" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-28ru-qm8a-skg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38632?format=api", "vulnerability_id": "VCID-46dm-5t83-tyh6", "summary": "Spring Security / MVC Path Matching Inconsistency\nThis package rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5007.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5007.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5007", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.359", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5007" }, { "reference_url": "https://github.com/advisories/GHSA-8crv-49fr-2h6j", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8crv-49fr-2h6j" }, { "reference_url": "https://github.com/spring-projects/spring-framework/commit/a30ab30e4e9ae021fdda04e9abfc228476b846b5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/spring-projects/spring-framework/commit/a30ab30e4e9ae021fdda04e9abfc228476b846b5" }, { "reference_url": "https://github.com/spring-projects/spring-security/commit/e4c13e3c0ee7f06f59d3b43ca6734215ad7d8974", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/spring-projects/spring-security/commit/e4c13e3c0ee7f06f59d3b43ca6734215ad7d8974" }, { "reference_url": "https://github.com/spring-projects/spring-security/issues/3964", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/spring-projects/spring-security/issues/3964" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5007", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5007" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { "reference_url": "http://www.securityfocus.com/bid/91687", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/91687" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353902", "reference_id": "1353902", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353902" }, { "reference_url": "https://pivotal.io/security/cve-2016-5007", "reference_id": "CVE-2016-5007", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pivotal.io/security/cve-2016-5007" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/143194?format=api", "purl": "pkg:maven/org.springframework.security/spring-security-core@4.1.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/53620?format=api", "purl": "pkg:maven/org.springframework.security/spring-security-core@4.1.1.RELEASE", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fan-h878-8faj" }, { "vulnerability": "VCID-aygn-9njz-ybfh" }, { "vulnerability": "VCID-h4kj-zdr8-wbdr" }, { "vulnerability": "VCID-vh4r-sk3t-eqe3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.1.1.RELEASE" } ], "aliases": [ "CVE-2016-5007", "GHSA-8crv-49fr-2h6j" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-46dm-5t83-tyh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43864?format=api", "vulnerability_id": "VCID-7kpg-9qh6-c7e6", "summary": "Authentication Bypass Using an Alternate Path or Channel in SpringSource Spring Security and Acegi Security\nVMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter.", "references": [ { "reference_url": "http://osvdb.org/68931", "reference_id": "", "reference_type": "", "scores": [], "url": "http://osvdb.org/68931" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3700", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.4824", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3700" }, { "reference_url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=25015", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=25015" }, { "reference_url": "https://web.archive.org/web/20110802082343/http://www.springsource.com/security/cve-2010-3700", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20110802082343/http://www.springsource.com/security/cve-2010-3700" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3700", "reference_id": "CVE-2010-3700", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3700" }, { "reference_url": "http://www.springsource.com/security/cve-2010-3700", "reference_id": "CVE-2010-3700", "reference_type": "", "scores": [], "url": "http://www.springsource.com/security/cve-2010-3700" }, { "reference_url": "https://github.com/advisories/GHSA-3295-h9qx-r82x", "reference_id": "GHSA-3295-h9qx-r82x", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3295-h9qx-r82x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63116?format=api", "purl": "pkg:maven/org.springframework.security/spring-security-core@2.0.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@2.0.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/63117?format=api", "purl": "pkg:maven/org.springframework.security/spring-security-core@3.0.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.4" } ], "aliases": [ "CVE-2010-3700", "GHSA-3295-h9qx-r82x" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7kpg-9qh6-c7e6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43863?format=api", "vulnerability_id": "VCID-gmn5-ykw3-cqf4", "summary": "Deserialization of Untrusted Data\nSpring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class.", "references": [ { "reference_url": "http://osvdb.org/75263", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://osvdb.org/75263" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2894.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2894.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2894", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01998", "scoring_system": "epss", "scoring_elements": "0.8397", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2894" }, { "reference_url": "http://securityreason.com/securityalert/8405", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://securityreason.com/securityalert/8405" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69687", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69687" }, { "reference_url": "https://github.com/spring-projects/spring-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/spring-projects/spring-framework" }, { "reference_url": "https://github.com/spring-projects/spring-framework/commit/070a723ef2c886770a063eb9a67f84f74e06edfb", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/spring-projects/spring-framework/commit/070a723ef2c886770a063eb9a67f84f74e06edfb" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2011-1334.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1334.html" }, { "reference_url": "http://www.securityfocus.com/archive/1/519593/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/archive/1/519593/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/49536", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/49536" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=737611", "reference_id": "737611", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=737611" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2894", "reference_id": "CVE-2011-2894", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2894" }, { "reference_url": "https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894", "reference_id": "CVE-2011-2894", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894" }, { "reference_url": "http://www.springsource.com/security/cve-2011-2894", "reference_id": "CVE-2011-2894", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.springsource.com/security/cve-2011-2894" }, { "reference_url": "https://github.com/advisories/GHSA-f866-m9mv-2xr3", "reference_id": "GHSA-f866-m9mv-2xr3", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-f866-m9mv-2xr3" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1334", "reference_id": "RHSA-2011:1334", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1334" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63207?format=api", "purl": "pkg:maven/org.springframework.security/spring-security-core@2.0.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@2.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/63208?format=api", "purl": "pkg:maven/org.springframework.security/spring-security-core@3.0.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.6" } ], "aliases": [ "CVE-2011-2894", "GHSA-f866-m9mv-2xr3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gmn5-ykw3-cqf4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37472?format=api", "vulnerability_id": "VCID-m3ht-28wc-yyeg", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nThis package does not check the password if the user is not found, which makes the response delay shorter and might allow remote attackers to enumerate valid usernames via a series of login requests.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5055.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5055.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5055", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58364", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5055" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5055", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5055" }, { "reference_url": "http://support.springsource.com/security/CVE-2012-5055", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.springsource.com/security/CVE-2012-5055" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=886031", "reference_id": "886031", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=886031" }, { "reference_url": "http://support.springsource.com/security/cve-2012-5055", "reference_id": "CVE-2012-5055", "reference_type": "", "scores": [], "url": "http://support.springsource.com/security/cve-2012-5055" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0649", "reference_id": "RHSA-2013:0649", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0649" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/156061?format=api", "purl": "pkg:maven/org.springframework.security/spring-security-core@2.0.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@2.0.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/51340?format=api", "purl": "pkg:maven/org.springframework.security/spring-security-core@2.0.8.RELEASE", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-28ru-qm8a-skg3" }, { "vulnerability": "VCID-46dm-5t83-tyh6" }, { "vulnerability": "VCID-vh4r-sk3t-eqe3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@2.0.8.RELEASE" }, { "url": "http://public2.vulnerablecode.io/api/packages/156062?format=api", "purl": "pkg:maven/org.springframework.security/spring-security-core@3.0.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/51341?format=api", "purl": "pkg:maven/org.springframework.security/spring-security-core@3.0.8.RELEASE", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-28ru-qm8a-skg3" }, { "vulnerability": "VCID-46dm-5t83-tyh6" }, { "vulnerability": "VCID-aygn-9njz-ybfh" }, { "vulnerability": "VCID-vh4r-sk3t-eqe3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.8.RELEASE" }, { "url": "http://public2.vulnerablecode.io/api/packages/156064?format=api", "purl": "pkg:maven/org.springframework.security/spring-security-core@3.1.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.1.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/51342?format=api", "purl": "pkg:maven/org.springframework.security/spring-security-core@3.1.3.RELEASE", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-28ru-qm8a-skg3" }, { "vulnerability": "VCID-46dm-5t83-tyh6" }, { "vulnerability": "VCID-aygn-9njz-ybfh" }, { "vulnerability": "VCID-vh4r-sk3t-eqe3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.1.3.RELEASE" } ], "aliases": [ "CVE-2012-5055", "GHSA-3533-rvpc-6x56" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m3ht-28wc-yyeg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5680?format=api", "vulnerability_id": "VCID-vh4r-sk3t-eqe3", "summary": "privilege escalation", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22112.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22112.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22112", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00979", "scoring_system": "epss", "scoring_elements": "0.77093", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22112" }, { "reference_url": "https://github.com/spring-projects/spring-security", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/spring-projects/spring-security" }, { "reference_url": "https://github.com/spring-projects/spring-security/releases/tag/5.4.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/spring-projects/spring-security/releases/tag/5.4.4" }, { "reference_url": "https://lists.apache.org/thread.html/r163b3e4e39803882f5be05ee8606b2b9812920e196daa2a82997ce14@%3Cpluto-dev.portals.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r163b3e4e39803882f5be05ee8606b2b9812920e196daa2a82997ce14@%3Cpluto-dev.portals.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2cb05e499807900ba23e539643eead9c5f0652fd271f223f89da1804@%3Cpluto-scm.portals.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r2cb05e499807900ba23e539643eead9c5f0652fd271f223f89da1804@%3Cpluto-scm.portals.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r37423ec7eea340e92a409452c35b649dce02fdc467f0b3f52086c177@%3Cpluto-dev.portals.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r37423ec7eea340e92a409452c35b649dce02fdc467f0b3f52086c177@%3Cpluto-dev.portals.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3868207b967f926819fe3aa8d33f1666429be589bb4a62104a49f4e3@%3Cpluto-dev.portals.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r3868207b967f926819fe3aa8d33f1666429be589bb4a62104a49f4e3@%3Cpluto-dev.portals.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r390783b3b1c59b978131ac08390bf77fbb3863270cbde59d5b0f5fde@%3Cpluto-dev.portals.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r390783b3b1c59b978131ac08390bf77fbb3863270cbde59d5b0f5fde@%3Cpluto-dev.portals.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r413e380088c427f56102968df89ef2f336473e1b56b7d4b3a571a378@%3Cpluto-dev.portals.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r413e380088c427f56102968df89ef2f336473e1b56b7d4b3a571a378@%3Cpluto-dev.portals.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r89aa1b48a827f5641310305214547f1d6b2101971a49b624737c497f@%3Cpluto-dev.portals.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r89aa1b48a827f5641310305214547f1d6b2101971a49b624737c497f@%3Cpluto-dev.portals.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra53677224fe4f04c2599abc88032076faa18dc84b329cdeba85d4cfc@%3Cpluto-scm.portals.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ra53677224fe4f04c2599abc88032076faa18dc84b329cdeba85d4cfc@%3Cpluto-scm.portals.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra6389b1b82108a3b6bbcd22979f7665fd437c2a3408c9509a15a9ca1@%3Cpluto-dev.portals.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ra6389b1b82108a3b6bbcd22979f7665fd437c2a3408c9509a15a9ca1@%3Cpluto-dev.portals.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/redbd004a503b3520ae5746c2ab5e93fd7da807a8c128e60d2002cd9b@%3Cissues.nifi.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/redbd004a503b3520ae5746c2ab5e93fd7da807a8c128e60d2002cd9b@%3Cissues.nifi.apache.org%3E" }, { "reference_url": "https://www.jenkins.io/security/advisory/2021-02-19", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.jenkins.io/security/advisory/2021-02-19" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/02/19/7", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2021/02/19/7" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1931453", "reference_id": "1931453", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1931453" }, { "reference_url": "https://security.archlinux.org/AVG-1595", "reference_id": "AVG-1595", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1595" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22112", "reference_id": "CVE-2021-22112", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22112" }, { "reference_url": "https://tanzu.vmware.com/security/cve-2021-22112", "reference_id": "CVE-2021-22112", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tanzu.vmware.com/security/cve-2021-22112" }, { "reference_url": "https://github.com/advisories/GHSA-gq28-h5vg-8prx", "reference_id": "GHSA-gq28-h5vg-8prx", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-gq28-h5vg-8prx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79810?format=api", "purl": "pkg:maven/org.springframework.security/spring-security-core@5.2.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.2.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/289983?format=api", "purl": "pkg:maven/org.springframework.security/spring-security-core@5.2.9.RELEASE", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.2.9.RELEASE" }, { "url": "http://public2.vulnerablecode.io/api/packages/79809?format=api", "purl": "pkg:maven/org.springframework.security/spring-security-core@5.3.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.3.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/289990?format=api", "purl": "pkg:maven/org.springframework.security/spring-security-core@5.3.9.RELEASE", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.3.9.RELEASE" }, { "url": "http://public2.vulnerablecode.io/api/packages/79808?format=api", "purl": "pkg:maven/org.springframework.security/spring-security-core@5.4.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.4.4" } ], "aliases": [ "CVE-2021-22112", "GHSA-gq28-h5vg-8prx" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vh4r-sk3t-eqe3" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@2.0.0" }