Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.springframework/spring-webmvc@6.0.7
purl pkg:maven/org.springframework/spring-webmvc@6.0.7
Next non-vulnerable version 6.0.14
Latest non-vulnerable version 7.0.6
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-85tn-8nj1-xyak
Aliases:
CVE-2023-34053
GHSA-v94h-hvhg-mf9h
Spring Framework vulnerable to denial of service In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC or Spring WebFlux * io.micrometer:micrometer-core is on the classpath * an ObservationRegistry is configured in the application to record observations Typically, Spring Boot applications need the org.springframework.boot:spring-boot-actuator dependency to meet all conditions.
6.0.14
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-afh4-nhxq-y3he Spring Framework is vulnerable to security bypass via mvcRequestMatcher pattern mismatch Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass. CVE-2023-20860
GHSA-7phw-cxx7-q9vq

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T22:44:08.179213+00:00 GitLab Importer Affected by VCID-85tn-8nj1-xyak https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webmvc/CVE-2023-34053.yml 38.4.0
2026-04-16T22:25:37.697646+00:00 GitLab Importer Fixing VCID-afh4-nhxq-y3he https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webmvc/CVE-2023-20860.yml 38.4.0
2026-04-12T00:03:44.939846+00:00 GitLab Importer Affected by VCID-85tn-8nj1-xyak https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webmvc/CVE-2023-34053.yml 38.3.0
2026-04-11T23:43:50.711203+00:00 GitLab Importer Fixing VCID-afh4-nhxq-y3he https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webmvc/CVE-2023-20860.yml 38.3.0
2026-04-03T00:08:25.663035+00:00 GitLab Importer Affected by VCID-85tn-8nj1-xyak https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webmvc/CVE-2023-34053.yml 38.1.0
2026-04-02T23:47:32.498405+00:00 GitLab Importer Fixing VCID-afh4-nhxq-y3he https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webmvc/CVE-2023-20860.yml 38.1.0
2026-04-02T16:59:13.790932+00:00 GHSA Importer Fixing VCID-afh4-nhxq-y3he https://github.com/advisories/GHSA-7phw-cxx7-q9vq 38.1.0
2026-04-01T12:58:32.363132+00:00 GithubOSV Importer Fixing VCID-afh4-nhxq-y3he https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-7phw-cxx7-q9vq/GHSA-7phw-cxx7-q9vq.json 38.0.0
2026-04-01T12:51:04.306098+00:00 GitLab Importer Fixing VCID-afh4-nhxq-y3he https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webmvc/CVE-2023-20860.yml 38.0.0