Search for packages
| purl | pkg:maven/org.springframework/spring-beans@5.2.19.RELEASE |
| Next non-vulnerable version | 5.2.22.RELEASE |
| Latest non-vulnerable version | 6.1.14 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-n8kg-ajw8-5yd2
Aliases: CVE-2022-22970 GHSA-hh26-6xwr-ggv7 |
Allocation of Resources Without Limits or Throttling In spring framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, applications that handle file uploads is vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-vr7m-chzs-abfu
Aliases: CVE-2022-22965 GHSA-36p3-wjmg-h94x GMS-2022-558 GMS-2022-559 GMS-2022-560 GMS-2022-561 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in org.springframework.boot:spring-boot-starter-webflux. |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-06T01:52:32.554067+00:00 | GitLab Importer | Affected by | VCID-n8kg-ajw8-5yd2 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-beans/CVE-2022-22970.yml | 38.6.0 |
| 2026-06-06T01:38:57.114382+00:00 | GitLab Importer | Affected by | VCID-vr7m-chzs-abfu | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-beans/GMS-2022-558.yml | 38.6.0 |