VulnerableCode Package Details - pkg:maven/org.springframework/spring-messaging@5.0.6.RELEASE

Search for packages

Vulnerability	Summary	Fixed by
VCID-fra1-reqm-kfdb Aliases: CVE-2020-5421 GHSA-rv39-3qh7-9v7w	Remote file disclosure In Spring Framework the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.	5.0.18.RELEASE Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 5.0.19.RELEASE Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 5.1.17.RELEASE Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 5.1.18.RELEASE Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 5.2.8.RELEASE Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 5.2.9.RELEASE Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-uvga-6hdm-3kda Aliases: CVE-2022-22971 GHSA-rqph-vqwm-22vc	Allocation of Resources Without Limits or Throttling In spring framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.	5.2.22.RELEASE Affected by 0 other vulnerabilities. 5.3.20 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-fra1-reqm-kfdb
Aliases:
CVE-2020-5421
GHSA-rv39-3qh7-9v7w

Remote file disclosure In Spring Framework the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.

5.0.18.RELEASE
Affected by 1 other vulnerability.

5.0.19.RELEASE
Affected by 1 other vulnerability.

5.1.17.RELEASE
Affected by 1 other vulnerability.

5.1.18.RELEASE
Affected by 1 other vulnerability.

5.2.8.RELEASE
Affected by 1 other vulnerability.

5.2.9.RELEASE
Affected by 1 other vulnerability.

VCID-uvga-6hdm-3kda
Aliases:
CVE-2022-22971
GHSA-rqph-vqwm-22vc

Allocation of Resources Without Limits or Throttling In spring framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.

5.2.22.RELEASE
Affected by 0 other vulnerabilities.

5.3.20
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-fbxq-3v82-yket	Improper Input Validation Spring Framework allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.	CVE-2018-1257 GHSA-rcpf-vj53-7h2m

Vulnerability

Summary

Aliases

VCID-fbxq-3v82-yket

Improper Input Validation Spring Framework allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.

CVE-2018-1257
GHSA-rcpf-vj53-7h2m

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T01:54:43.201629+00:00	GitLab Importer	Affected by	VCID-uvga-6hdm-3kda	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-messaging/CVE-2022-22971.yml	38.6.0
2026-06-04T20:39:08.331633+00:00	GitLab Importer	Affected by	VCID-fra1-reqm-kfdb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-messaging/CVE-2020-5421.yml	38.6.0
2026-06-02T04:37:41.557784+00:00	GitLab Importer	Fixing	VCID-fbxq-3v82-yket	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-messaging/CVE-2018-1257.yml	38.6.0