Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.springframework/spring@5.3.26
purl pkg:maven/org.springframework/spring@5.3.26
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-afh4-nhxq-y3he Spring Framework is vulnerable to security bypass via mvcRequestMatcher pattern mismatch Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass. CVE-2023-20860
GHSA-7phw-cxx7-q9vq

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T22:25:40.963291+00:00 GitLab Importer Fixing VCID-afh4-nhxq-y3he https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring/CVE-2023-20860.yml 38.4.0
2026-04-11T23:43:55.109097+00:00 GitLab Importer Fixing VCID-afh4-nhxq-y3he https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring/CVE-2023-20860.yml 38.3.0
2026-04-02T23:47:35.913448+00:00 GitLab Importer Fixing VCID-afh4-nhxq-y3he https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring/CVE-2023-20860.yml 38.1.0
2026-04-02T16:59:13.764725+00:00 GHSA Importer Fixing VCID-afh4-nhxq-y3he https://github.com/advisories/GHSA-7phw-cxx7-q9vq 38.1.0
2026-04-01T12:58:32.346568+00:00 GithubOSV Importer Fixing VCID-afh4-nhxq-y3he https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-7phw-cxx7-q9vq/GHSA-7phw-cxx7-q9vq.json 38.0.0
2026-04-01T12:51:04.451363+00:00 GitLab Importer Fixing VCID-afh4-nhxq-y3he https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring/CVE-2023-20860.yml 38.0.0