Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.springframework.boot/spring-boot@1.3.5.RELEASE
Typemaven
Namespaceorg.springframework.boot
Namespring-boot
Version1.3.5.RELEASE
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.0.13
Latest_non_vulnerable_version3.4.5
Affected_by_vulnerabilities
0
url VCID-6sye-grs9-dqfh
vulnerability_id VCID-6sye-grs9-dqfh
summary 
Exposure of Resource to Wrong Sphere
spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. This vulnerability impacted the `org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir` method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-27772
reference_id
reference_type
scores
0
value 0.00442
scoring_system epss
scoring_elements 0.63333
published_at 2026-04-29T12:55:00Z
1
value 0.00442
scoring_system epss
scoring_elements 0.63245
published_at 2026-04-07T12:55:00Z
2
value 0.00442
scoring_system epss
scoring_elements 0.63297
published_at 2026-04-08T12:55:00Z
3
value 0.00442
scoring_system epss
scoring_elements 0.63315
published_at 2026-04-09T12:55:00Z
4
value 0.00442
scoring_system epss
scoring_elements 0.63332
published_at 2026-04-11T12:55:00Z
5
value 0.00442
scoring_system epss
scoring_elements 0.63316
published_at 2026-04-16T12:55:00Z
6
value 0.00442
scoring_system epss
scoring_elements 0.63279
published_at 2026-04-13T12:55:00Z
7
value 0.00442
scoring_system epss
scoring_elements 0.63324
published_at 2026-04-18T12:55:00Z
8
value 0.00442
scoring_system epss
scoring_elements 0.63303
published_at 2026-04-21T12:55:00Z
9
value 0.00442
scoring_system epss
scoring_elements 0.63322
published_at 2026-04-24T12:55:00Z
10
value 0.00442
scoring_system epss
scoring_elements 0.63335
published_at 2026-04-26T12:55:00Z
11
value 0.00442
scoring_system epss
scoring_elements 0.63251
published_at 2026-04-02T12:55:00Z
12
value 0.00442
scoring_system epss
scoring_elements 0.6328
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-27772
1
reference_url https://github.com/spring-projects/spring-boot
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-boot
2
reference_url https://github.com/spring-projects/spring-boot/commit/667ccdae84822072f9ea1a27ed5c77964c71002d
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-boot/commit/667ccdae84822072f9ea1a27ed5c77964c71002d
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-27772
reference_id CVE-2022-27772
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-27772
4
reference_url https://github.com/advisories/GHSA-cm59-pr5q-cw85
reference_id GHSA-cm59-pr5q-cw85
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cm59-pr5q-cw85
5
reference_url https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-cm59-pr5q-cw85
reference_id GHSA-cm59-pr5q-cw85
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-cm59-pr5q-cw85
fixed_packages
0
url pkg:maven/org.springframework.boot/spring-boot@2.2.11.RELEASE
purl pkg:maven/org.springframework.boot/spring-boot@2.2.11.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-k3fg-3bs3-87b9
1
vulnerability VCID-kwk7-s11d-4ygy
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.boot/spring-boot@2.2.11.RELEASE
aliases CVE-2022-27772, GHSA-cm59-pr5q-cw85
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6sye-grs9-dqfh
1
url VCID-g7ce-fs6u-abdp
vulnerability_id VCID-g7ce-fs6u-abdp
summary Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2405
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2405
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8046.json
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8046.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-8046
reference_id
reference_type
scores
0
value 0.93978
scoring_system epss
scoring_elements 0.99892
published_at 2026-04-26T12:55:00Z
1
value 0.93978
scoring_system epss
scoring_elements 0.99887
published_at 2026-04-01T12:55:00Z
2
value 0.93978
scoring_system epss
scoring_elements 0.99888
published_at 2026-04-04T12:55:00Z
3
value 0.93978
scoring_system epss
scoring_elements 0.99889
published_at 2026-04-12T12:55:00Z
4
value 0.93978
scoring_system epss
scoring_elements 0.9989
published_at 2026-04-21T12:55:00Z
5
value 0.93978
scoring_system epss
scoring_elements 0.99891
published_at 2026-04-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-8046
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1553024
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1553024
4
reference_url https://github.com/spring-projects/spring-data-rest
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-data-rest
5
reference_url https://github.com/spring-projects/spring-data-rest/commit/824e51a1304bbc8334ac0b96ffaef588177e6cc
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-data-rest/commit/824e51a1304bbc8334ac0b96ffaef588177e6cc
6
reference_url https://github.com/spring-projects/spring-data-rest/commit/8f269e28fe8038a6c60f31a1c36cfda04795ab45
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-data-rest/commit/8f269e28fe8038a6c60f31a1c36cfda04795ab45
7
reference_url https://github.com/spring-projects/spring-data-rest/issues/1487
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-data-rest/issues/1487
8
reference_url https://github.com/spring-projects/spring-data-rest/issues/1520
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-data-rest/issues/1520
9
reference_url https://jira.spring.io/browse/DATAREST-1127
reference_id
reference_type
scores
url https://jira.spring.io/browse/DATAREST-1127
10
reference_url https://jira.spring.io/browse/DATAREST-1127?redirect=false
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://jira.spring.io/browse/DATAREST-1127?redirect=false
11
reference_url https://jira.spring.io/browse/DATAREST-1152
reference_id
reference_type
scores
url https://jira.spring.io/browse/DATAREST-1152
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-8046
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-8046
13
reference_url https://www.exploit-db.com/exploits/44289/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/44289/
14
reference_url http://www.securityfocus.com/bid/100948
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/100948
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_rest:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:pivotal_software:spring_data_rest:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_rest:*:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:m1:*:*:*:*:*:*
reference_id cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:m1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:m1:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:m2:*:*:*:*:*:*
reference_id cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:m2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:m2:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:m3:*:*:*:*:*:*
reference_id cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:m3:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:m3:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:m4:*:*:*:*:*:*
reference_id cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:m4:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:m4:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:rc1:*:*:*:*:*:*
reference_id cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:rc1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:rc1:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:rc2:*:*:*:*:*:*
reference_id cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:rc2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:rc2:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:rc3:*:*:*:*:*:*
reference_id cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:rc3:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:rc3:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_boot:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:spring_boot:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_boot:*:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_boot:2.0.0:milestone1:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:spring_boot:2.0.0:milestone1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_boot:2.0.0:milestone1:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_boot:2.0.0:milestone2:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:spring_boot:2.0.0:milestone2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_boot:2.0.0:milestone2:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_boot:2.0.0:milestone3:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:spring_boot:2.0.0:milestone3:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_boot:2.0.0:milestone3:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_boot:2.0.0:milestone4:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:spring_boot:2.0.0:milestone4:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_boot:2.0.0:milestone4:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_boot:2.0.0:milestone5:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:spring_boot:2.0.0:milestone5:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_boot:2.0.0:milestone5:*:*:*:*:*:*
30
reference_url https://github.com/m3ssap0/spring-break_cve-2017-8046
reference_id CVE-2017-8046
reference_type exploit
scores
url https://github.com/m3ssap0/spring-break_cve-2017-8046
31
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/44289.java
reference_id CVE-2017-8046
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/44289.java
32
reference_url https://pivotal.io/security/cve-2017-8046
reference_id CVE-2017-8046
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://pivotal.io/security/cve-2017-8046
33
reference_url https://github.com/advisories/GHSA-9qf9-28h9-hqcj
reference_id GHSA-9qf9-28h9-hqcj
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9qf9-28h9-hqcj
fixed_packages
0
url pkg:maven/org.springframework.boot/spring-boot@1.5.9.RELEASE
purl pkg:maven/org.springframework.boot/spring-boot@1.5.9.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6sye-grs9-dqfh
1
vulnerability VCID-hek3-n96t-bydw
2
vulnerability VCID-k3fg-3bs3-87b9
3
vulnerability VCID-kwk7-s11d-4ygy
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.boot/spring-boot@1.5.9.RELEASE
aliases CVE-2017-8046, GHSA-9qf9-28h9-hqcj
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g7ce-fs6u-abdp
2
url VCID-hek3-n96t-bydw
vulnerability_id VCID-hek3-n96t-bydw
summary 
Symlink privilege escalation attack via Spring Boot launch script
Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot is susceptible to a symlink attack which allows the `run_user` to overwrite and take ownership of any file on the same system. In order to instigate the attack, the application must be installed as a service and the `run_user` requires shell access to the server.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1196.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1196.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1196
reference_id
reference_type
scores
0
value 0.00604
scoring_system epss
scoring_elements 0.69676
published_at 2026-04-29T12:55:00Z
1
value 0.00604
scoring_system epss
scoring_elements 0.6961
published_at 2026-04-21T12:55:00Z
2
value 0.00604
scoring_system epss
scoring_elements 0.69595
published_at 2026-04-12T12:55:00Z
3
value 0.00604
scoring_system epss
scoring_elements 0.69581
published_at 2026-04-13T12:55:00Z
4
value 0.00604
scoring_system epss
scoring_elements 0.69621
published_at 2026-04-16T12:55:00Z
5
value 0.00604
scoring_system epss
scoring_elements 0.6963
published_at 2026-04-18T12:55:00Z
6
value 0.00604
scoring_system epss
scoring_elements 0.69663
published_at 2026-04-24T12:55:00Z
7
value 0.00604
scoring_system epss
scoring_elements 0.69671
published_at 2026-04-26T12:55:00Z
8
value 0.00604
scoring_system epss
scoring_elements 0.69516
published_at 2026-04-01T12:55:00Z
9
value 0.00604
scoring_system epss
scoring_elements 0.69527
published_at 2026-04-02T12:55:00Z
10
value 0.00604
scoring_system epss
scoring_elements 0.69543
published_at 2026-04-04T12:55:00Z
11
value 0.00604
scoring_system epss
scoring_elements 0.69521
published_at 2026-04-07T12:55:00Z
12
value 0.00604
scoring_system epss
scoring_elements 0.69572
published_at 2026-04-08T12:55:00Z
13
value 0.00604
scoring_system epss
scoring_elements 0.69588
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1196
2
reference_url https://github.com/advisories/GHSA-xx65-cc7g-9pfp
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-xx65-cc7g-9pfp
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1196
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1196
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1542002
reference_id 1542002
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1542002
5
reference_url https://pivotal.io/security/cve-2018-1196
reference_id CVE-2018-1196
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pivotal.io/security/cve-2018-1196
fixed_packages
0
url pkg:maven/org.springframework.boot/spring-boot@1.5.10
purl pkg:maven/org.springframework.boot/spring-boot@1.5.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.boot/spring-boot@1.5.10
1
url pkg:maven/org.springframework.boot/spring-boot@1.5.10.RELEASE
purl pkg:maven/org.springframework.boot/spring-boot@1.5.10.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6sye-grs9-dqfh
1
vulnerability VCID-k3fg-3bs3-87b9
2
vulnerability VCID-kwk7-s11d-4ygy
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.boot/spring-boot@1.5.10.RELEASE
aliases CVE-2018-1196, GHSA-xx65-cc7g-9pfp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hek3-n96t-bydw
3
url VCID-k3fg-3bs3-87b9
vulnerability_id VCID-k3fg-3bs3-87b9
summary 
Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed
EndpointRequest.to() creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed.

Your application may be affected by this if all the following conditions are met:

  *  You use Spring Security
  *  EndpointRequest.to() has been used in a Spring Security chain configuration
  *  The endpoint which EndpointRequest references is disabled or not exposed via web
  *  Your application handles requests to /null and this path needs protection


You are not affected if any of the following is true:

  *  You don't use Spring Security
  *  You don't use EndpointRequest.to()
  *  The endpoint which EndpointRequest.to() refers to is enabled and is exposed
  *  Your application does not handle requests to /null or this path does not need protection
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-22235.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-22235.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-22235
reference_id
reference_type
scores
0
value 0.0039
scoring_system epss
scoring_elements 0.60082
published_at 2026-04-29T12:55:00Z
1
value 0.0039
scoring_system epss
scoring_elements 0.60094
published_at 2026-04-26T12:55:00Z
2
value 0.0039
scoring_system epss
scoring_elements 0.60077
published_at 2026-04-24T12:55:00Z
3
value 0.0039
scoring_system epss
scoring_elements 0.60108
published_at 2026-04-21T12:55:00Z
4
value 0.0039
scoring_system epss
scoring_elements 0.60121
published_at 2026-04-18T12:55:00Z
5
value 0.0039
scoring_system epss
scoring_elements 0.60114
published_at 2026-04-16T12:55:00Z
6
value 0.0039
scoring_system epss
scoring_elements 0.60076
published_at 2026-04-13T12:55:00Z
7
value 0.0039
scoring_system epss
scoring_elements 0.60028
published_at 2026-04-02T12:55:00Z
8
value 0.0039
scoring_system epss
scoring_elements 0.60093
published_at 2026-04-12T12:55:00Z
9
value 0.0039
scoring_system epss
scoring_elements 0.60052
published_at 2026-04-04T12:55:00Z
10
value 0.0039
scoring_system epss
scoring_elements 0.60107
published_at 2026-04-11T12:55:00Z
11
value 0.0039
scoring_system epss
scoring_elements 0.60022
published_at 2026-04-07T12:55:00Z
12
value 0.0039
scoring_system epss
scoring_elements 0.60086
published_at 2026-04-09T12:55:00Z
13
value 0.0039
scoring_system epss
scoring_elements 0.60072
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-22235
2
reference_url https://github.com/spring-projects/spring-boot
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-boot
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-22235
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-22235
4
reference_url https://security.netapp.com/advisory/ntap-20250516-0010
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250516-0010
5
reference_url https://spring.io/security/cve-2025-22235
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-28T16:16:38Z/
url https://spring.io/security/cve-2025-22235
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2362668
reference_id 2362668
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2362668
7
reference_url https://github.com/advisories/GHSA-rc42-6c7j-7h5r
reference_id GHSA-rc42-6c7j-7h5r
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rc42-6c7j-7h5r
fixed_packages
0
url pkg:maven/org.springframework.boot/spring-boot@3.0.0
purl pkg:maven/org.springframework.boot/spring-boot@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kwk7-s11d-4ygy
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.boot/spring-boot@3.0.0
1
url pkg:maven/org.springframework.boot/spring-boot@3.3.11
purl pkg:maven/org.springframework.boot/spring-boot@3.3.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.boot/spring-boot@3.3.11
2
url pkg:maven/org.springframework.boot/spring-boot@3.4.5
purl pkg:maven/org.springframework.boot/spring-boot@3.4.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.boot/spring-boot@3.4.5
aliases CVE-2025-22235, GHSA-rc42-6c7j-7h5r
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k3fg-3bs3-87b9
4
url VCID-kwk7-s11d-4ygy
vulnerability_id VCID-kwk7-s11d-4ygy
summary 
Spring Boot Actuator denial of service vulnerability
In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.

Specifically, an application is vulnerable when all of the following are true:

*  the application uses Spring MVC or Spring WebFlux
*  `org.springframework.boot:spring-boot-actuator` is on the classpath
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-34055.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-34055.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-34055
reference_id
reference_type
scores
0
value 0.00282
scoring_system epss
scoring_elements 0.51568
published_at 2026-04-29T12:55:00Z
1
value 0.00282
scoring_system epss
scoring_elements 0.51574
published_at 2026-04-02T12:55:00Z
2
value 0.00282
scoring_system epss
scoring_elements 0.516
published_at 2026-04-04T12:55:00Z
3
value 0.00282
scoring_system epss
scoring_elements 0.51561
published_at 2026-04-07T12:55:00Z
4
value 0.00282
scoring_system epss
scoring_elements 0.51615
published_at 2026-04-08T12:55:00Z
5
value 0.00282
scoring_system epss
scoring_elements 0.51612
published_at 2026-04-09T12:55:00Z
6
value 0.00282
scoring_system epss
scoring_elements 0.51661
published_at 2026-04-11T12:55:00Z
7
value 0.00282
scoring_system epss
scoring_elements 0.51639
published_at 2026-04-12T12:55:00Z
8
value 0.00282
scoring_system epss
scoring_elements 0.51623
published_at 2026-04-13T12:55:00Z
9
value 0.00282
scoring_system epss
scoring_elements 0.51664
published_at 2026-04-16T12:55:00Z
10
value 0.00282
scoring_system epss
scoring_elements 0.51671
published_at 2026-04-18T12:55:00Z
11
value 0.00282
scoring_system epss
scoring_elements 0.51651
published_at 2026-04-21T12:55:00Z
12
value 0.00282
scoring_system epss
scoring_elements 0.51602
published_at 2026-04-24T12:55:00Z
13
value 0.00282
scoring_system epss
scoring_elements 0.51609
published_at 2026-04-26T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-34055
2
reference_url https://github.com/spring-projects/spring-boot
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-boot
3
reference_url https://github.com/spring-projects/spring-boot/commit/5490e73922b37a7f0bdde43eb318cb1038b45d60
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-boot/commit/5490e73922b37a7f0bdde43eb318cb1038b45d60
4
reference_url https://security.netapp.com/advisory/ntap-20231221-0010
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231221-0010
5
reference_url https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKBOOT-6226862
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKBOOT-6226862
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2251917
reference_id 2251917
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2251917
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-34055
reference_id CVE-2023-34055
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-34055
8
reference_url https://spring.io/security/cve-2023-34055
reference_id CVE-2023-34055
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://spring.io/security/cve-2023-34055
9
reference_url https://github.com/advisories/GHSA-jjfh-589g-3hjx
reference_id GHSA-jjfh-589g-3hjx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jjfh-589g-3hjx
fixed_packages
0
url pkg:maven/org.springframework.boot/spring-boot@2.7.18
purl pkg:maven/org.springframework.boot/spring-boot@2.7.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-k3fg-3bs3-87b9
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.boot/spring-boot@2.7.18
1
url pkg:maven/org.springframework.boot/spring-boot@3.0.13
purl pkg:maven/org.springframework.boot/spring-boot@3.0.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.boot/spring-boot@3.0.13
2
url pkg:maven/org.springframework.boot/spring-boot@3.1.6
purl pkg:maven/org.springframework.boot/spring-boot@3.1.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-k3fg-3bs3-87b9
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.boot/spring-boot@3.1.6
aliases CVE-2023-34055, GHSA-jjfh-589g-3hjx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kwk7-s11d-4ygy
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.boot/spring-boot@1.3.5.RELEASE