Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.springframework/spring-messaging@4.3.16.RELEASE
purl pkg:maven/org.springframework/spring-messaging@4.3.16.RELEASE
Next non-vulnerable version 5.2.22.RELEASE
Latest non-vulnerable version 5.3.20
Risk 3.1
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-bpme-zq57-4uh7
Aliases:
CVE-2018-1257
GHSA-rcpf-vj53-7h2m
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.
4.3.17.RELEASE
Affected by 2 other vulnerabilities.
5.0.6.RELEASE
Affected by 2 other vulnerabilities.
VCID-k17s-ttg2-ubgj
Aliases:
CVE-2022-22971
GHSA-rqph-vqwm-22vc
Allocation of Resources Without Limits or Throttling In spring framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.
5.2.22.RELEASE
Affected by 0 other vulnerabilities.
5.3.20
Affected by 0 other vulnerabilities.
VCID-y3uz-etva-sufh
Aliases:
CVE-2020-5421
GHSA-rv39-3qh7-9v7w
Improper Input Validation in Spring Framework In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
4.3.28.RELEASE
Affected by 1 other vulnerability.
4.3.29.RELEASE
Affected by 1 other vulnerability.
5.0.18.RELEASE
Affected by 1 other vulnerability.
5.0.19.RELEASE
Affected by 1 other vulnerability.
5.1.17.RELEASE
Affected by 1 other vulnerability.
5.1.18.RELEASE
Affected by 1 other vulnerability.
5.2.8.RELEASE
Affected by 1 other vulnerability.
5.2.9.RELEASE
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-3rev-eg6f-tkb7 Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework. CVE-2018-1275
GHSA-3rmv-2pg5-xvqj
VCID-4sj2-j914-9yfb Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. CVE-2018-1270
GHSA-p5hg-3xm3-gcjg

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T21:49:34.532153+00:00 GitLab Importer Affected by VCID-k17s-ttg2-ubgj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-messaging/CVE-2022-22971.yml 38.4.0
2026-04-16T21:12:04.947363+00:00 GitLab Importer Affected by VCID-y3uz-etva-sufh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-messaging/CVE-2020-5421.yml 38.4.0
2026-04-16T20:48:55.491857+00:00 GitLab Importer Fixing VCID-4sj2-j914-9yfb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-messaging/CVE-2018-1270.yml 38.4.0
2026-04-16T20:42:54.452684+00:00 GitLab Importer Affected by VCID-bpme-zq57-4uh7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-messaging/CVE-2018-1257.yml 38.4.0
2026-04-11T23:05:35.992461+00:00 GitLab Importer Affected by VCID-k17s-ttg2-ubgj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-messaging/CVE-2022-22971.yml 38.3.0
2026-04-11T22:24:02.634139+00:00 GitLab Importer Affected by VCID-y3uz-etva-sufh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-messaging/CVE-2020-5421.yml 38.3.0
2026-04-11T21:59:53.487635+00:00 GitLab Importer Fixing VCID-4sj2-j914-9yfb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-messaging/CVE-2018-1270.yml 38.3.0
2026-04-11T21:53:32.197453+00:00 GitLab Importer Affected by VCID-bpme-zq57-4uh7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-messaging/CVE-2018-1257.yml 38.3.0
2026-04-02T23:13:50.934122+00:00 GitLab Importer Affected by VCID-k17s-ttg2-ubgj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-messaging/CVE-2022-22971.yml 38.1.0
2026-04-02T22:35:59.567555+00:00 GitLab Importer Affected by VCID-y3uz-etva-sufh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-messaging/CVE-2020-5421.yml 38.1.0
2026-04-02T22:13:02.629416+00:00 GitLab Importer Fixing VCID-4sj2-j914-9yfb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-messaging/CVE-2018-1270.yml 38.1.0
2026-04-02T22:07:15.366569+00:00 GitLab Importer Affected by VCID-bpme-zq57-4uh7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-messaging/CVE-2018-1257.yml 38.1.0
2026-04-01T17:33:50.866489+00:00 GitLab Importer Affected by VCID-k17s-ttg2-ubgj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-messaging/CVE-2022-22971.yml 38.0.0
2026-04-01T16:53:14.848418+00:00 GitLab Importer Affected by VCID-y3uz-etva-sufh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-messaging/CVE-2020-5421.yml 38.0.0
2026-04-01T16:24:19.458640+00:00 GitLab Importer Affected by VCID-bpme-zq57-4uh7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-messaging/CVE-2018-1257.yml 38.0.0
2026-04-01T15:56:59.321540+00:00 GHSA Importer Fixing VCID-3rev-eg6f-tkb7 https://github.com/advisories/GHSA-3rmv-2pg5-xvqj 38.0.0
2026-04-01T15:56:59.082045+00:00 GHSA Importer Fixing VCID-4sj2-j914-9yfb https://github.com/advisories/GHSA-p5hg-3xm3-gcjg 38.0.0
2026-04-01T13:03:24.502709+00:00 GithubOSV Importer Fixing VCID-3rev-eg6f-tkb7 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-3rmv-2pg5-xvqj/GHSA-3rmv-2pg5-xvqj.json 38.0.0
2026-04-01T13:03:22.025378+00:00 GithubOSV Importer Fixing VCID-4sj2-j914-9yfb https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-p5hg-3xm3-gcjg/GHSA-p5hg-3xm3-gcjg.json 38.0.0
2026-04-01T12:48:03.767402+00:00 GitLab Importer Fixing VCID-4sj2-j914-9yfb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-messaging/CVE-2018-1270.yml 38.0.0