VulnerableCode Package Details - pkg:maven/org.springframework/spring@5.3.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-afh4-nhxq-y3he Aliases: CVE-2023-20860 GHSA-7phw-cxx7-q9vq	Spring Framework is vulnerable to security bypass via mvcRequestMatcher pattern mismatch Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass.	5.3.26 Affected by 0 other vulnerabilities. 6.0.7 Affected by 0 other vulnerabilities.
VCID-ygpk-fb56-sqa4 Aliases: CVE-2021-22096 GHSA-rfmp-97jj-h8m6	Improper Output Neutralization for Logs in Spring Framework In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.	5.3.11 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-afh4-nhxq-y3he
Aliases:
CVE-2023-20860
GHSA-7phw-cxx7-q9vq

Spring Framework is vulnerable to security bypass via mvcRequestMatcher pattern mismatch Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass.

5.3.26
Affected by 0 other vulnerabilities.

6.0.7
Affected by 0 other vulnerabilities.

VCID-ygpk-fb56-sqa4
Aliases:
CVE-2021-22096
GHSA-rfmp-97jj-h8m6

Improper Output Neutralization for Logs in Spring Framework In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.

5.3.11
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T22:02:21.721813+00:00	GitLab Importer	Affected by	VCID-ygpk-fb56-sqa4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring/CVE-2021-22096.yml	38.4.0
2026-04-11T23:18:01.229537+00:00	GitLab Importer	Affected by	VCID-ygpk-fb56-sqa4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring/CVE-2021-22096.yml	38.3.0
2026-04-02T23:25:40.287558+00:00	GitLab Importer	Affected by	VCID-ygpk-fb56-sqa4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring/CVE-2021-22096.yml	38.1.0
2026-04-02T16:59:13.761365+00:00	GHSA Importer	Affected by	VCID-afh4-nhxq-y3he	https://github.com/advisories/GHSA-7phw-cxx7-q9vq	38.1.0
2026-04-01T17:46:28.969159+00:00	GitLab Importer	Affected by	VCID-ygpk-fb56-sqa4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring/CVE-2021-22096.yml	38.0.0
2026-04-01T16:02:17.636344+00:00	GHSA Importer	Affected by	VCID-ygpk-fb56-sqa4	https://github.com/advisories/GHSA-rfmp-97jj-h8m6	38.0.0