VulnerableCode Package Details - pkg:maven/org.springframework/spring-webflux@5.2.15.RELEASE

Search for packages

Vulnerability	Summary	Fixed by
VCID-cyjt-4vjn-mbc7 Aliases: CVE-2022-22965 GHSA-36p3-wjmg-h94x GMS-2022-558 GMS-2022-559 GMS-2022-560 GMS-2022-561	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in org.springframework.boot:spring-boot-starter-webflux.	5.2.20.RELEASE Affected by 0 other vulnerabilities. 5.3.18 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-cyjt-4vjn-mbc7
Aliases:
CVE-2022-22965
GHSA-36p3-wjmg-h94x
GMS-2022-558
GMS-2022-559
GMS-2022-560
GMS-2022-561

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in org.springframework.boot:spring-boot-starter-webflux.

5.2.20.RELEASE
Affected by 0 other vulnerabilities.

5.3.18
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-cpsj-4k25-wufe	Improper Privilege Management in Spring Framework In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.	CVE-2021-22118 GHSA-gfwj-fwqj-fp3v

Vulnerability

Summary

Aliases

VCID-cpsj-4k25-wufe

Improper Privilege Management in Spring Framework In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.

CVE-2021-22118
GHSA-gfwj-fwqj-fp3v

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:44:00.395672+00:00	GitLab Importer	Affected by	VCID-cyjt-4vjn-mbc7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webflux/CVE-2022-22965.yml	38.4.0
2026-04-16T21:25:24.739955+00:00	GitLab Importer	Fixing	VCID-cpsj-4k25-wufe	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webflux/CVE-2021-22118.yml	38.4.0
2026-04-11T22:59:37.389132+00:00	GitLab Importer	Affected by	VCID-cyjt-4vjn-mbc7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webflux/CVE-2022-22965.yml	38.3.0
2026-04-11T22:38:11.141490+00:00	GitLab Importer	Fixing	VCID-cpsj-4k25-wufe	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webflux/CVE-2021-22118.yml	38.3.0
2026-04-02T23:08:17.802598+00:00	GitLab Importer	Affected by	VCID-cyjt-4vjn-mbc7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webflux/CVE-2022-22965.yml	38.1.0
2026-04-02T22:48:53.088946+00:00	GitLab Importer	Fixing	VCID-cpsj-4k25-wufe	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webflux/CVE-2021-22118.yml	38.1.0
2026-04-01T17:27:44.129772+00:00	GitLab Importer	Affected by	VCID-cyjt-4vjn-mbc7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webflux/CVE-2022-22965.yml	38.0.0
2026-04-01T17:06:44.872107+00:00	GitLab Importer	Fixing	VCID-cpsj-4k25-wufe	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webflux/CVE-2021-22118.yml	38.0.0