Search for packages
| purl | pkg:maven/org.springframework/spring-messaging@5.0.0.RELEASE |
| Next non-vulnerable version | 5.2.22.RELEASE |
| Latest non-vulnerable version | 5.3.20 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-72ga-q9u7-sfav
Aliases: CVE-2018-1275 GHSA-3rmv-2pg5-xvqj |
Improperly Implemented Security Check for Standard Spring Framework allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. |
Affected by 3 other vulnerabilities. |
|
VCID-fbxq-3v82-yket
Aliases: CVE-2018-1257 GHSA-rcpf-vj53-7h2m |
Improper Input Validation Spring Framework allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack. |
Affected by 2 other vulnerabilities. |
|
VCID-fra1-reqm-kfdb
Aliases: CVE-2020-5421 GHSA-rv39-3qh7-9v7w |
Remote file disclosure In Spring Framework the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
|
VCID-haqr-jpvm-eqck
Aliases: CVE-2018-1270 GHSA-p5hg-3xm3-gcjg |
Improper Control of Generation of Code ('Code Injection') Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. |
Affected by 3 other vulnerabilities. |
|
VCID-uvga-6hdm-3kda
Aliases: CVE-2022-22971 GHSA-rqph-vqwm-22vc |
Allocation of Resources Without Limits or Throttling In spring framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-06T01:54:43.177765+00:00 | GitLab Importer | Affected by | VCID-uvga-6hdm-3kda | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-messaging/CVE-2022-22971.yml | 38.6.0 |
| 2026-06-05T21:07:12.867678+00:00 | GHSA Importer | Affected by | VCID-72ga-q9u7-sfav | https://github.com/advisories/GHSA-3rmv-2pg5-xvqj | 38.6.0 |
| 2026-06-05T21:07:12.088832+00:00 | GHSA Importer | Affected by | VCID-haqr-jpvm-eqck | https://github.com/advisories/GHSA-p5hg-3xm3-gcjg | 38.6.0 |
| 2026-06-04T20:39:08.306191+00:00 | GitLab Importer | Affected by | VCID-fra1-reqm-kfdb | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-messaging/CVE-2020-5421.yml | 38.6.0 |
| 2026-06-02T04:37:41.543195+00:00 | GitLab Importer | Affected by | VCID-fbxq-3v82-yket | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-messaging/CVE-2018-1257.yml | 38.6.0 |