Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.springframework/spring-webflux@5.2.12.RELEASE
purl pkg:maven/org.springframework/spring-webflux@5.2.12.RELEASE
Next non-vulnerable version 5.2.20.RELEASE
Latest non-vulnerable version 7.0.6
Risk 10.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-cpsj-4k25-wufe
Aliases:
CVE-2021-22118
GHSA-gfwj-fwqj-fp3v
Improper Privilege Management in Spring Framework In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.
5.2.15.RELEASE
Affected by 1 other vulnerability.
5.3.7
Affected by 1 other vulnerability.
VCID-cyjt-4vjn-mbc7
Aliases:
CVE-2022-22965
GHSA-36p3-wjmg-h94x
GMS-2022-558
GMS-2022-559
GMS-2022-560
GMS-2022-561
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in org.springframework.boot:spring-boot-starter-webflux.
5.2.20.RELEASE
Affected by 0 other vulnerabilities.
5.3.18
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T21:44:00.385432+00:00 GitLab Importer Affected by VCID-cyjt-4vjn-mbc7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webflux/CVE-2022-22965.yml 38.4.0
2026-04-16T21:25:24.730637+00:00 GitLab Importer Affected by VCID-cpsj-4k25-wufe https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webflux/CVE-2021-22118.yml 38.4.0
2026-04-11T22:59:37.378406+00:00 GitLab Importer Affected by VCID-cyjt-4vjn-mbc7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webflux/CVE-2022-22965.yml 38.3.0
2026-04-11T22:38:11.129020+00:00 GitLab Importer Affected by VCID-cpsj-4k25-wufe https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webflux/CVE-2021-22118.yml 38.3.0
2026-04-02T23:08:17.793065+00:00 GitLab Importer Affected by VCID-cyjt-4vjn-mbc7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webflux/CVE-2022-22965.yml 38.1.0
2026-04-02T22:48:53.079231+00:00 GitLab Importer Affected by VCID-cpsj-4k25-wufe https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webflux/CVE-2021-22118.yml 38.1.0
2026-04-01T17:27:44.118626+00:00 GitLab Importer Affected by VCID-cyjt-4vjn-mbc7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webflux/CVE-2022-22965.yml 38.0.0
2026-04-01T17:06:44.858370+00:00 GitLab Importer Affected by VCID-cpsj-4k25-wufe https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webflux/CVE-2021-22118.yml 38.0.0