Package details: pkg:maven/org.springframework/spring-core@5.0.6.RELEASE
purl pkg:maven/org.springframework/spring-core@5.0.6.RELEASE
Next non-vulnerable version 5.0.7
Latest non-vulnerable version 6.2.11
Risk
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-3p1k-4ges-1fev
Aliases:
CVE-2019-3795
GHSA-v2r2-7qm7-jj6v
Insufficient Entropy in PRNG: Spring Security contains an insecure randomness vulnerability when using `SecureRandomFactoryBean#setSeed` to configure a `SecureRandom` instance. In order to be impacted, an honest application must provide a seed and make the resulting random material available to an attacker for inspection.
5.0.12.RELEASE
Affected by 1 other vulnerability.
5.0.13.RELEASE
Affected by 1 other vulnerability.
5.1.5.RELEASE
Affected by 1 other vulnerability.
5.1.6.RELEASE
Affected by 1 other vulnerability.
VCID-fra1-reqm-kfdb
Aliases:
CVE-2020-5421
GHSA-rv39-3qh7-9v7w
Remote file disclosure: In Spring Framework, the protections against RFD attacks from CVE-2015-5211 may be bypassed, depending on the browser used, through the use of a jsessionid path parameter.
5.0.18.RELEASE
Affected by 0 other vulnerabilities.
5.0.19.RELEASE
Affected by 0 other vulnerabilities.
5.1.17.RELEASE
Affected by 0 other vulnerabilities.
5.1.18.RELEASE
Affected by 0 other vulnerabilities.
5.2.8.RELEASE
Affected by 0 other vulnerabilities.
5.2.9.RELEASE
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-jasw-zntp-nkdd
Incorrect Authorization: Spring Framework, when used in combination with Spring Security, contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
Aliases:
CVE-2018-1258
GHSA-cxrj-66c5-9fmh