Search for packages
| purl | pkg:deb/debian/libspring-java@0?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-3rev-eg6f-tkb7 | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework. |
CVE-2018-1275
GHSA-3rmv-2pg5-xvqj |
| VCID-6zda-pv5y-uybt | The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors. |
CVE-2015-0201
GHSA-45vg-2v73-vm62 |
| VCID-85tn-8nj1-xyak | Spring Framework vulnerable to denial of service In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC or Spring WebFlux * io.micrometer:micrometer-core is on the classpath * an ObservationRegistry is configured in the application to record observations Typically, Spring Boot applications need the org.springframework.boot:spring-boot-actuator dependency to meet all conditions. |
CVE-2023-34053
GHSA-v94h-hvhg-mf9h |
| VCID-cpsj-4k25-wufe | Improper Privilege Management in Spring Framework In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data. |
CVE-2021-22118
GHSA-gfwj-fwqj-fp3v |
| VCID-fv26-nhx4-dqd3 | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack. |
CVE-2018-1271
GHSA-g8hw-794c-4j9g |
| VCID-kqpg-9cqw-nuen | The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password. |
CVE-2014-0097
GHSA-gv9v-c375-hvmg |
| VCID-q4ad-g67b-efaj | Spring Framework vulnerable to a reflected file download (RFD) ### Description In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download (RFD) attack when it sets a “Content-Disposition” header with a non-ASCII charset, where the filename attribute is derived from user-supplied input. Specifically, an application is vulnerable when all the following are true: - The header is prepared with `org.springframework.http.ContentDisposition`. - The filename is set via `ContentDisposition.Builder#filename(String, Charset)`. - The value for the filename is derived from user-supplied input. - The application does not sanitize the user-supplied input. - The downloaded content of the response is injected with malicious commands by the attacker (see RFD paper reference for details). An application is not vulnerable if any of the following is true: - The application does not set a “Content-Disposition” response header. - The header is not prepared with `org.springframework.http.ContentDisposition`. - The filename is set via one of: - `ContentDisposition.Builder#filename(String)`, or - `ContentDisposition.Builder#filename(String, ASCII)` - The filename is not derived from user-supplied input. - The filename is derived from user-supplied input but sanitized by the application. - The attacker cannot inject malicious content in the downloaded content of the response. ### Affected Spring Products and VersionsSpring Framework - 6.2.0 - 6.2.7 - 6.1.0 - 6.1.20 - 6.0.5 - 6.0.28 - Older, unsupported versions are not affected ### Mitigation Users of affected versions should upgrade to the corresponding fixed version. | Affected version(s) | Fix version | Availability | | - | - | - | | 6.2.x | 6.2.8 | OSS | | 6.1.x | 6.1.21 | OSS | | 6.0.x | 6.0.29 | [Commercial](https://enterprise.spring.io/) | No further mitigation steps are necessary. |
CVE-2025-41234
GHSA-6r3c-xf4w-jxjm |
| VCID-s7s7-tzq3-m3bc | Spring Framework server Web DoS Vulnerability In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC * Spring Security 6.1.6+ or 6.2.1+ is on the classpath Typically, Spring Boot applications need the org.springframework.boot:spring-boot-starter-web and org.springframework.boot:spring-boot-starter-security dependencies to meet all conditions. |
CVE-2024-22233
GHSA-r4q3-7g4q-x89m |
| VCID-u7kk-c6fm-judy | RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input. |
CVE-2020-5398
GHSA-8wx2-9q48-vm9r |
| VCID-vac6-v6g7-a7e3 | CSRF attack via CORS preflight requests with Spring MVC or Spring WebFlux Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. However a notable exception to this are Chrome based browsers when using client certificates for authentication since Chrome sends TLS client certificates in CORS preflight requests in violation of spec requirements. No HTTP body can be sent or received as a result of this attack. |
CVE-2020-5397
GHSA-7pm4-g2qj-j85x |