{"url":"http://public2.vulnerablecode.io/api/packages/32166?format=json","purl":"pkg:maven/org.springframework/spring-core@4.1.0","type":"maven","namespace":"org.springframework","name":"spring-core","version":"4.1.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.2.24.RELEASE","latest_non_vulnerable_version":"6.2.11","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4899?format=json","vulnerability_id":"VCID-6zda-pv5y-uybt","summary":"The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0201","reference_id":"","reference_type":"","scores":[{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39478","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39923","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39894","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39814","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.3964","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39626","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.3954","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39412","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39751","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39899","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39927","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.3985","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39905","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39918","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39928","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39892","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39873","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0201"},{"reference_url":"https://github.com/spring-projects/spring-framework","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/spring-projects/spring-framework"},{"reference_url":"https://github.com/spring-projects/spring-framework/commit/d63cfc8eebc396be009e733a81ebb4c984811f6e","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/spring-projects/spring-framework/commit/d63cfc8eebc396be009e733a81ebb4c984811f6e"},{"reference_url":"https://github.com/spring-projects/spring-framework/commit/dc5b5ca8ee09c890352f89b2dae58bc0132d6545","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/spring-projects/spring-framework/commit/dc5b5ca8ee09c890352f89b2dae58bc0132d6545"},{"reference_url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0201","reference_id":"","reference_type":"","scores":[],"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0201"},{"reference_url":"http://pivotal.io/security/cve-2015-0201","reference_id":"CVE-2015-0201","reference_type":"","scores":[],"url":"http://pivotal.io/security/cve-2015-0201"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0201","reference_id":"CVE-2015-0201","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0201"},{"reference_url":"https://pivotal.io/security/cve-2015-0201","reference_id":"CVE-2015-0201","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pivotal.io/security/cve-2015-0201"},{"reference_url":"https://github.com/advisories/GHSA-45vg-2v73-vm62","reference_id":"GHSA-45vg-2v73-vm62","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-45vg-2v73-vm62"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32168?format=json","purl":"pkg:maven/org.springframework/spring-core@4.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-pz7c-p4ze-kfhc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.1.5"},{"url":"http://public2.vulnerablecode.io/api/packages/161968?format=json","purl":"pkg:maven/org.springframework/spring-core@4.1.5.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2nff-p7we-tuax"},{"vulnerability":"VCID-3rev-eg6f-tkb7"},{"vulnerability":"VCID-6ysx-5wcw-f7b5"},{"vulnerability":"VCID-c74k-e1me-pfb2"},{"vulnerability":"VCID-cyjt-4vjn-mbc7"},{"vulnerability":"VCID-dfs4-emmn-f3eb"},{"vulnerability":"VCID-k17s-ttg2-ubgj"},{"vulnerability":"VCID-pb7f-yasx-17ag"},{"vulnerability":"VCID-w6br-v2gm-j7gr"},{"vulnerability":"VCID-y3uz-etva-sufh"},{"vulnerability":"VCID-z3th-j593-m7bg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.1.5.RELEASE"}],"aliases":["CVE-2015-0201","GHSA-45vg-2v73-vm62"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6zda-pv5y-uybt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10817?format=json","vulnerability_id":"VCID-pz7c-p4ze-kfhc","summary":"PlaintextPasswordEncoder authenticates encoded passwords that are null\nSpring Security supports plain text passwords using `PlaintextPasswordEncoder`. a malicious user (or attacker) can authenticate using a password of `null`.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11272.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11272.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11272","reference_id":"","reference_type":"","scores":[{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61175","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61194","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.612","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61181","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.6117","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61185","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61177","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61125","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61031","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61108","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61136","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61102","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.6115","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61165","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61186","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61173","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61154","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11272"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/07/msg00008.html","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/07/msg00008.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1728993","reference_id":"1728993","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1728993"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11272","reference_id":"CVE-2019-11272","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11272"},{"reference_url":"https://pivotal.io/security/cve-2019-11272","reference_id":"CVE-2019-11272","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pivotal.io/security/cve-2019-11272"},{"reference_url":"https://github.com/advisories/GHSA-v33x-prhc-gph5","reference_id":"GHSA-v33x-prhc-gph5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v33x-prhc-gph5"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0983","reference_id":"RHSA-2020:0983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0983"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/161968?format=json","purl":"pkg:maven/org.springframework/spring-core@4.1.5.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2nff-p7we-tuax"},{"vulnerability":"VCID-3rev-eg6f-tkb7"},{"vulnerability":"VCID-6ysx-5wcw-f7b5"},{"vulnerability":"VCID-c74k-e1me-pfb2"},{"vulnerability":"VCID-cyjt-4vjn-mbc7"},{"vulnerability":"VCID-dfs4-emmn-f3eb"},{"vulnerability":"VCID-k17s-ttg2-ubgj"},{"vulnerability":"VCID-pb7f-yasx-17ag"},{"vulnerability":"VCID-w6br-v2gm-j7gr"},{"vulnerability":"VCID-y3uz-etva-sufh"},{"vulnerability":"VCID-z3th-j593-m7bg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.1.5.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/24201?format=json","purl":"pkg:maven/org.springframework/spring-core@4.3.0.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3rev-eg6f-tkb7"},{"vulnerability":"VCID-6ysx-5wcw-f7b5"},{"vulnerability":"VCID-c74k-e1me-pfb2"},{"vulnerability":"VCID-cyjt-4vjn-mbc7"},{"vulnerability":"VCID-dfs4-emmn-f3eb"},{"vulnerability":"VCID-j3wr-npbv-8qcw"},{"vulnerability":"VCID-k17s-ttg2-ubgj"},{"vulnerability":"VCID-mqnn-spsw-8fg5"},{"vulnerability":"VCID-pb7f-yasx-17ag"},{"vulnerability":"VCID-qpxj-fzta-v7bs"},{"vulnerability":"VCID-w6br-v2gm-j7gr"},{"vulnerability":"VCID-y3uz-etva-sufh"},{"vulnerability":"VCID-z3th-j593-m7bg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.3.0.RELEASE"}],"aliases":["CVE-2019-11272","GHSA-v33x-prhc-gph5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pz7c-p4ze-kfhc"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.1.0"}