Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.springframework/spring@2.5.6
purl pkg:maven/org.springframework/spring@2.5.6
Next non-vulnerable version 2.5.6.SEC01
Latest non-vulnerable version 5.3.26
Risk 10.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-dv5y-1z97-ayhs
Aliases:
CVE-2010-1622
GHSA-vpr3-f594-mg5g
Remote classloader modification This package allows remote attackers to execute arbitrary code via an HTTP request containing `class.classLoader.URLs[0]=jar:` followed by a URL of a crafted `.jar` file.
2.5.6.SEC01
Affected by 0 other vulnerabilities.
2.5.7
Affected by 0 other vulnerabilities.
3.0.3
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T21:52:33.876299+00:00 GitLab Importer Affected by VCID-dv5y-1z97-ayhs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring/CVE-2010-1622.yml 38.4.0
2026-04-11T23:08:16.156627+00:00 GitLab Importer Affected by VCID-dv5y-1z97-ayhs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring/CVE-2010-1622.yml 38.3.0
2026-04-04T14:31:29.349464+00:00 GHSA Importer Affected by VCID-dv5y-1z97-ayhs https://github.com/advisories/GHSA-vpr3-f594-mg5g 38.1.0
2026-04-02T23:16:47.752519+00:00 GitLab Importer Affected by VCID-dv5y-1z97-ayhs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring/CVE-2010-1622.yml 38.1.0
2026-04-01T12:50:42.959199+00:00 GitLab Importer Affected by VCID-dv5y-1z97-ayhs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring/CVE-2010-1622.yml 38.0.0