VulnerableCode Package Details - pkg:maven/org.springframework/spring-webmvc@5.2.3.RELEASE

Search for packages

Vulnerability	Summary	Fixed by
VCID-fra1-reqm-kfdb Aliases: CVE-2020-5421 GHSA-rv39-3qh7-9v7w	Remote file disclosure In Spring Framework the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.	5.2.8.RELEASE Affected by 0 other vulnerabilities. 5.2.9.RELEASE Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-fra1-reqm-kfdb
Aliases:
CVE-2020-5421
GHSA-rv39-3qh7-9v7w

Remote file disclosure In Spring Framework the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.

5.2.8.RELEASE
Affected by 0 other vulnerabilities.

5.2.9.RELEASE
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-6pkk-3mj7-jyag	Cross-Site Request Forgery (CSRF) Spring Framework is vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints.	CVE-2020-5397 GHSA-7pm4-g2qj-j85x
VCID-tsjn-scdc-fqh3	Download of Code Without Integrity Check In Spring Framework, an application is vulnerable to a reflected file download (RFD) attack when it sets a `Content-Disposition` header in the response where the filename attribute is derived from user supplied input.	CVE-2020-5398 GHSA-8wx2-9q48-vm9r

Vulnerability

Summary

Aliases

VCID-6pkk-3mj7-jyag

Cross-Site Request Forgery (CSRF) Spring Framework is vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints.

CVE-2020-5397
GHSA-7pm4-g2qj-j85x

VCID-tsjn-scdc-fqh3

Download of Code Without Integrity Check In Spring Framework, an application is vulnerable to a reflected file download (RFD) attack when it sets a `Content-Disposition` header in the response where the filename attribute is derived from user supplied input.

CVE-2020-5398
GHSA-8wx2-9q48-vm9r

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-04T20:39:09.767571+00:00	GitLab Importer	Affected by	VCID-fra1-reqm-kfdb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webmvc/CVE-2020-5421.yml	38.6.0
2026-06-04T17:23:11.483024+00:00	GithubOSV Importer	Fixing	VCID-tsjn-scdc-fqh3	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/01/GHSA-8wx2-9q48-vm9r/GHSA-8wx2-9q48-vm9r.json	38.6.0
2026-06-04T16:19:44.561557+00:00	GitLab Importer	Fixing	VCID-tsjn-scdc-fqh3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webmvc/CVE-2020-5398.yml	38.6.0
2026-06-04T16:19:44.522682+00:00	GitLab Importer	Fixing	VCID-6pkk-3mj7-jyag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webmvc/CVE-2020-5397.yml	38.6.0