Search for packages
| purl | pkg:maven/org.springframework/spring-webmvc@5.2.5.RELEASE |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-33up-jmsk-qffx
Aliases: CVE-2026-22745 GHSA-6p4f-wcwh-5vvm |
spring-webflux: Spring MVC and Spring WebFlux: Denial of Service via slow static resource resolution on Windows |
Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-fra1-reqm-kfdb
Aliases: CVE-2020-5421 GHSA-rv39-3qh7-9v7w |
Remote file disclosure In Spring Framework the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. |
Affected by 4 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-vr7m-chzs-abfu
Aliases: CVE-2022-22965 GHSA-36p3-wjmg-h94x GMS-2022-558 GMS-2022-559 GMS-2022-560 GMS-2022-561 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in org.springframework.boot:spring-boot-starter-webflux. |
Affected by 2 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-xrqe-h6t7-nkak
Aliases: CVE-2026-22741 GHSA-wg35-8jpf-2xv3 |
Spring MVC: Spring WebFlux: Spring MVC and Spring WebFlux: Denial of Service via cache poisoning |
Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-yqhz-ueqh-kfc4
Aliases: CVE-2022-22950 GHSA-558x-2xjg-6232 |
Allocation of Resources Without Limits or Throttling in Spring Framework In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a Denial of Service. |
Affected by 2 other vulnerabilities. Affected by 4 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||