VulnerableCode Package Details - pkg:maven/org.springframework/spring-websocket@4.1.2.RELEASE

Search for packages

Vulnerability	Summary	Fixed by
VCID-6zda-pv5y-uybt Aliases: CVE-2015-0201 GHSA-45vg-2v73-vm62	The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.	4.1.5.RELEASE Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-ec6g-dnjb-vycb Aliases: CVE-2015-5211 GHSA-pgf9-h69p-pcgf	Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response.	4.1.8.RELEASE Affected by 0 other vulnerabilities. 4.2.2.RELEASE Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-6zda-pv5y-uybt
Aliases:
CVE-2015-0201
GHSA-45vg-2v73-vm62

The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.

4.1.5.RELEASE
Affected by 1 other vulnerability.

VCID-ec6g-dnjb-vycb
Aliases:
CVE-2015-5211
GHSA-pgf9-h69p-pcgf

Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response.

4.1.8.RELEASE
Affected by 0 other vulnerabilities.

4.2.2.RELEASE
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T20:37:04.329599+00:00	GitLab Importer	Affected by	VCID-ec6g-dnjb-vycb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-websocket/CVE-2015-5211.yml	38.4.0
2026-04-16T20:32:18.535596+00:00	GitLab Importer	Affected by	VCID-6zda-pv5y-uybt	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-websocket/CVE-2015-0201.yml	38.4.0
2026-04-11T21:47:40.437930+00:00	GitLab Importer	Affected by	VCID-ec6g-dnjb-vycb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-websocket/CVE-2015-5211.yml	38.3.0
2026-04-11T21:42:41.986075+00:00	GitLab Importer	Affected by	VCID-6zda-pv5y-uybt	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-websocket/CVE-2015-0201.yml	38.3.0
2026-04-02T22:01:36.241644+00:00	GitLab Importer	Affected by	VCID-ec6g-dnjb-vycb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-websocket/CVE-2015-5211.yml	38.1.0
2026-04-02T21:56:51.389383+00:00	GitLab Importer	Affected by	VCID-6zda-pv5y-uybt	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-websocket/CVE-2015-0201.yml	38.1.0
2026-04-01T16:18:48.249950+00:00	GitLab Importer	Affected by	VCID-ec6g-dnjb-vycb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-websocket/CVE-2015-5211.yml	38.0.0
2026-04-01T16:14:01.539509+00:00	GitLab Importer	Affected by	VCID-6zda-pv5y-uybt	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-websocket/CVE-2015-0201.yml	38.0.0