Package details: pkg:maven/org.springframework/spring-websocket@4.1.5.RELEASE
purl: pkg:maven/org.springframework/spring-websocket@4.1.5.RELEASE
Next non-vulnerable version: 4.1.8.RELEASE
Latest non-vulnerable version: 6.2.12
Risk: 4.0
Vulnerabilities affecting this package (1)
Vulnerability: VCID-ec6g-dnjb-vycb
Aliases: CVE-2015-5211, GHSA-pgf9-h69p-pcgf
Summary: Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response.
Fixed by:
4.1.8.RELEASE (affected by 0 other vulnerabilities)
4.2.2.RELEASE (affected by 0 other vulnerabilities)
Vulnerabilities fixed by this package (1)
Vulnerability: VCID-6zda-pv5y-uybt
Aliases: CVE-2015-0201, GHSA-45vg-2v73-vm62
Summary: The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.

Date | Actor | Action | Vulnerability | Source | VulnerableCode Version
2026-04-16T20:37:04.339050+00:00 | GitLab Importer | Affected by | VCID-ec6g-dnjb-vycb | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-websocket/CVE-2015-5211.yml | 38.4.0
2026-04-16T20:32:18.545219+00:00 | GitLab Importer | Fixing | VCID-6zda-pv5y-uybt | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-websocket/CVE-2015-0201.yml | 38.4.0
2026-04-11T21:47:40.449038+00:00 | GitLab Importer | Affected by | VCID-ec6g-dnjb-vycb | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-websocket/CVE-2015-5211.yml | 38.3.0
2026-04-11T21:42:41.996796+00:00 | GitLab Importer | Fixing | VCID-6zda-pv5y-uybt | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-websocket/CVE-2015-0201.yml | 38.3.0
2026-04-02T22:01:36.251427+00:00 | GitLab Importer | Affected by | VCID-ec6g-dnjb-vycb | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-websocket/CVE-2015-5211.yml | 38.1.0
2026-04-02T21:56:51.399154+00:00 | GitLab Importer | Fixing | VCID-6zda-pv5y-uybt | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-websocket/CVE-2015-0201.yml | 38.1.0
2026-04-01T16:18:48.260835+00:00 | GitLab Importer | Affected by | VCID-ec6g-dnjb-vycb | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-websocket/CVE-2015-5211.yml | 38.0.0
2026-04-01T12:46:56.471374+00:00 | GitLab Importer | Fixing | VCID-6zda-pv5y-uybt | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-websocket/CVE-2015-0201.yml | 38.0.0