Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.springframework/spring-core@4.3.16.RELEASE
purl pkg:maven/org.springframework/spring-core@4.3.16.RELEASE
Next non-vulnerable version 4.3.17
Latest non-vulnerable version 6.2.11
Risk
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-fra1-reqm-kfdb
Aliases:
CVE-2020-5421
GHSA-rv39-3qh7-9v7w
Remote file disclosure In Spring Framework the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
4.3.28.RELEASE
Affected by 0 other vulnerabilities.
4.3.29.RELEASE
Affected by 0 other vulnerabilities.
5.0.18.RELEASE
Affected by 0 other vulnerabilities.
5.0.19.RELEASE
Affected by 0 other vulnerabilities.
5.1.17.RELEASE
Affected by 0 other vulnerabilities.
5.1.18.RELEASE
Affected by 0 other vulnerabilities.
5.2.8.RELEASE
Affected by 0 other vulnerabilities.
5.2.9.RELEASE
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-72ga-q9u7-sfav Improperly Implemented Security Check for Standard Spring Framework allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. CVE-2018-1275
GHSA-3rmv-2pg5-xvqj

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-04T20:39:06.663721+00:00 GitLab Importer Affected by VCID-fra1-reqm-kfdb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-core/CVE-2020-5421.yml 38.6.0
2026-06-04T20:16:04.078466+00:00 GitLab Importer Fixing VCID-72ga-q9u7-sfav https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-core/CVE-2018-1275.yml 38.6.0