Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.springframework/spring-core@1.1.5

Type maven

Namespace org.springframework

Name spring-core

Version 1.1.5

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 5.2.24.RELEASE

Latest_non_vulnerable_version 6.2.11

Affected_by_vulnerabilities

url VCID-5unr-uxny-rfdm

vulnerability_id VCID-5unr-uxny-rfdm

summary

references

reference_url

https://access.redhat.com/errata/RHSA-2017:3115

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:3115

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9878.json

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9878.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9878

reference_id

reference_type

scores

value	0.04927
scoring_system	epss
scoring_elements	0.89882
published_at	2026-06-12T12:55:00Z

value	0.04927
scoring_system	epss
scoring_elements	0.89848
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9878

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9878
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9878

reference_url

https://github.com/spring-projects/spring-framework

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework

reference_url

https://github.com/spring-projects/spring-framework/commit/43bf008fbcd0d7945e2fcd5e30039bc4d74c7a98

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/43bf008fbcd0d7945e2fcd5e30039bc4d74c7a98

reference_url

https://github.com/spring-projects/spring-framework/commit/a7dc48534ea501525f11369d369178a60c2f47d0

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/a7dc48534ea501525f11369d369178a60c2f47d0

reference_url

https://github.com/spring-projects/spring-framework/commit/e2d6e709c3c65a4951eb096843ee75d5200cfcad

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/e2d6e709c3c65a4951eb096843ee75d5200cfcad

reference_url

https://github.com/spring-projects/spring-framework/issues/19513

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/issues/19513

reference_url

https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html

reference_url

https://security.netapp.com/advisory/ntap-20180419-0002

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20180419-0002

reference_url

http://www.securityfocus.com/bid/95072

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/95072

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1408164
reference_id	1408164
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1408164

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849167
reference_id	849167
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849167

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9878

reference_id

CVE-2016-9878

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9878

reference_url

https://pivotal.io/security/cve-2016-9878

reference_id

CVE-2016-9878

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://pivotal.io/security/cve-2016-9878

reference_url

https://github.com/advisories/GHSA-2m8h-fgr8-2q9w

reference_id

GHSA-2m8h-fgr8-2q9w

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-2m8h-fgr8-2q9w

reference_url	https://usn.ubuntu.com/USN-4774-1/
reference_id	USN-USN-4774-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4774-1/

fixed_packages

url	pkg:maven/org.springframework/spring-core@3.2.18
purl	pkg:maven/org.springframework/spring-core@3.2.18
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@3.2.18

url pkg:maven/org.springframework/spring-core@3.2.18.RELEASE

purl pkg:maven/org.springframework/spring-core@3.2.18.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8cpe-j15y-jbdk

vulnerability	VCID-98z5-6z3z-mkf6

vulnerability	VCID-a7rq-rmbf-t3es

vulnerability	VCID-c67u-pz7u-c7bf

vulnerability	VCID-e3yh-y2av-wff3

vulnerability	VCID-m6tq-7gmn-2kdy

vulnerability	VCID-n3z8-z3gf-zydq

vulnerability	VCID-ndek-xah6-47d2

vulnerability	VCID-r8q8-2grb-7ug8

vulnerability	VCID-znax-q3vq-g7cj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@3.2.18.RELEASE

url pkg:maven/org.springframework/spring-core@4.2.9

purl pkg:maven/org.springframework/spring-core@4.2.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ndek-xah6-47d2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.2.9

url pkg:maven/org.springframework/spring-core@4.2.9.RELEASE

purl pkg:maven/org.springframework/spring-core@4.2.9.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8cpe-j15y-jbdk

vulnerability	VCID-8ge5-5c1e-7yeg

vulnerability	VCID-98z5-6z3z-mkf6

vulnerability	VCID-a7rq-rmbf-t3es

vulnerability	VCID-c67u-pz7u-c7bf

vulnerability	VCID-e3yh-y2av-wff3

vulnerability	VCID-m6tq-7gmn-2kdy

vulnerability	VCID-n3z8-z3gf-zydq

vulnerability	VCID-r8q8-2grb-7ug8

vulnerability	VCID-v4xw-cyut-xkcj

vulnerability	VCID-znax-q3vq-g7cj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.2.9.RELEASE

url	pkg:maven/org.springframework/spring-core@4.3.5
purl	pkg:maven/org.springframework/spring-core@4.3.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.3.5

url pkg:maven/org.springframework/spring-core@4.3.5.RELEASE

purl pkg:maven/org.springframework/spring-core@4.3.5.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rvf-jqqg-vfe7

vulnerability	VCID-8cpe-j15y-jbdk

vulnerability	VCID-98z5-6z3z-mkf6

vulnerability	VCID-c67u-pz7u-c7bf

vulnerability	VCID-e3yh-y2av-wff3

vulnerability	VCID-m6tq-7gmn-2kdy

vulnerability	VCID-n3z8-z3gf-zydq

vulnerability	VCID-ndek-xah6-47d2

vulnerability	VCID-r8q8-2grb-7ug8

vulnerability	VCID-znax-q3vq-g7cj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.3.5.RELEASE

aliases CVE-2016-9878, GHSA-2m8h-fgr8-2q9w

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5unr-uxny-rfdm

url VCID-8cpe-j15y-jbdk

vulnerability_id VCID-8cpe-j15y-jbdk

summary In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22971.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22971.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-22971

reference_id

reference_type

scores

value	0.00247
scoring_system	epss
scoring_elements	0.48347
published_at	2026-06-12T12:55:00Z

value	0.00247
scoring_system	epss
scoring_elements	0.4821
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-22971

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22971
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22971

reference_url

https://github.com/spring-projects/spring-framework

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework

reference_url

https://github.com/spring-projects/spring-framework/commit/159a99bbafdd6c01871228113d7042c3f83f360f

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/159a99bbafdd6c01871228113d7042c3f83f360f

reference_url

https://github.com/spring-projects/spring-framework/commit/dc2947c52df18d5e99cad03383f7d6ba13d031fd

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/dc2947c52df18d5e99cad03383f7d6ba13d031fd

reference_url

https://security.netapp.com/advisory/ntap-20220616-0003

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220616-0003

reference_url	https://security.netapp.com/advisory/ntap-20220616-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220616-0003/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2087274
reference_id	2087274
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2087274

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-22971

reference_id

CVE-2022-22971

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-22971

reference_url

https://tanzu.vmware.com/security/cve-2022-22971

reference_id

CVE-2022-22971

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://tanzu.vmware.com/security/cve-2022-22971

reference_url

https://github.com/advisories/GHSA-rqph-vqwm-22vc

reference_id

GHSA-rqph-vqwm-22vc

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rqph-vqwm-22vc

reference_url	https://access.redhat.com/errata/RHSA-2022:5532
reference_id	RHSA-2022:5532
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5532

reference_url	https://access.redhat.com/errata/RHSA-2023:1661
reference_id	RHSA-2023:1661
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1661

reference_url	https://access.redhat.com/errata/RHSA-2023:3185
reference_id	RHSA-2023:3185
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3185

fixed_packages

url pkg:maven/org.springframework/spring-core@5.2.22.RELEASE

purl pkg:maven/org.springframework/spring-core@5.2.22.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-m6tq-7gmn-2kdy

vulnerability	VCID-r8q8-2grb-7ug8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.2.22.RELEASE

url pkg:maven/org.springframework/spring-core@5.3.20

purl pkg:maven/org.springframework/spring-core@5.3.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1w5g-w36x-n7cq

vulnerability	VCID-m6tq-7gmn-2kdy

vulnerability	VCID-r8q8-2grb-7ug8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.3.20

aliases CVE-2022-22971, GHSA-rqph-vqwm-22vc

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8cpe-j15y-jbdk

url VCID-98z5-6z3z-mkf6

vulnerability_id VCID-98z5-6z3z-mkf6

summary Improper handling of case sensitivity in Spring Framework

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22968.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22968.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-22968

reference_id

reference_type

scores

value	0.2051
scoring_system	epss
scoring_elements	0.95694
published_at	2026-06-11T12:55:00Z

value	0.2051
scoring_system	epss
scoring_elements	0.95707
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-22968

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22968
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22968

reference_url

https://github.com/spring-projects/spring-framework

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework

reference_url

https://github.com/spring-projects/spring-framework/commit/833e750175349ab4fd502109a8b41af77e25cdea

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/833e750175349ab4fd502109a8b41af77e25cdea

reference_url

https://github.com/spring-projects/spring-framework/commit/a7cf19cec5ebd270f97a194d749e2d5701ad2ab7

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/a7cf19cec5ebd270f97a194d749e2d5701ad2ab7

reference_url

https://security.netapp.com/advisory/ntap-20220602-0004

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220602-0004

reference_url	https://security.netapp.com/advisory/ntap-20220602-0004/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220602-0004/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2075441
reference_id	2075441
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2075441

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-22968

reference_id

CVE-2022-22968

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-22968

reference_url

https://tanzu.vmware.com/security/cve-2022-22968

reference_id

CVE-2022-22968

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://tanzu.vmware.com/security/cve-2022-22968

reference_url

https://github.com/advisories/GHSA-g5mm-vmx4-3rg7

reference_id

GHSA-g5mm-vmx4-3rg7

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-g5mm-vmx4-3rg7

reference_url	https://access.redhat.com/errata/RHSA-2022:5101
reference_id	RHSA-2022:5101
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5101

reference_url	https://access.redhat.com/errata/RHSA-2022:5532
reference_id	RHSA-2022:5532
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5532

fixed_packages

url	pkg:maven/org.springframework/spring-core@5.2.21
purl	pkg:maven/org.springframework/spring-core@5.2.21
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.2.21

url pkg:maven/org.springframework/spring-core@5.2.21.RELEASE

purl pkg:maven/org.springframework/spring-core@5.2.21.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8cpe-j15y-jbdk

vulnerability	VCID-e3yh-y2av-wff3

vulnerability	VCID-m6tq-7gmn-2kdy

vulnerability	VCID-r8q8-2grb-7ug8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.2.21.RELEASE

url pkg:maven/org.springframework/spring-core@5.3.19

purl pkg:maven/org.springframework/spring-core@5.3.19

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1w5g-w36x-n7cq

vulnerability	VCID-8cpe-j15y-jbdk

vulnerability	VCID-e3yh-y2av-wff3

vulnerability	VCID-m6tq-7gmn-2kdy

vulnerability	VCID-r8q8-2grb-7ug8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.3.19

aliases CVE-2022-22968, GHSA-g5mm-vmx4-3rg7

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-98z5-6z3z-mkf6

url VCID-a7rq-rmbf-t3es

vulnerability_id VCID-a7rq-rmbf-t3es

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5007.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5007.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-5007

reference_id

reference_type

scores

value	0.00155
scoring_system	epss
scoring_elements	0.3599
published_at	2026-06-11T12:55:00Z

value	0.00155
scoring_system	epss
scoring_elements	0.36169
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-5007

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5007
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5007

reference_url

https://github.com/spring-projects/spring-framework/commit/a30ab30e4e9ae021fdda04e9abfc228476b846b5

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/a30ab30e4e9ae021fdda04e9abfc228476b846b5

reference_url

https://github.com/spring-projects/spring-security/commit/e4c13e3c0ee7f06f59d3b43ca6734215ad7d8974

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-security/commit/e4c13e3c0ee7f06f59d3b43ca6734215ad7d8974

reference_url

https://github.com/spring-projects/spring-security/issues/3964

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-security/issues/3964

reference_url

http://www.securityfocus.com/bid/91687

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/91687

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1353902
reference_id	1353902
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1353902

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-5007

reference_id

CVE-2016-5007

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-5007

reference_url

https://pivotal.io/security/cve-2016-5007

reference_id

CVE-2016-5007

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://pivotal.io/security/cve-2016-5007

reference_url

https://github.com/advisories/GHSA-8crv-49fr-2h6j

reference_id

GHSA-8crv-49fr-2h6j

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-8crv-49fr-2h6j

fixed_packages

url	pkg:maven/org.springframework/spring-core@4.3.1
purl	pkg:maven/org.springframework/spring-core@4.3.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.3.1

url pkg:maven/org.springframework/spring-core@4.3.1.RELEASE

purl pkg:maven/org.springframework/spring-core@4.3.1.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rvf-jqqg-vfe7

vulnerability	VCID-5unr-uxny-rfdm

vulnerability	VCID-8cpe-j15y-jbdk

vulnerability	VCID-98z5-6z3z-mkf6

vulnerability	VCID-c67u-pz7u-c7bf

vulnerability	VCID-e3yh-y2av-wff3

vulnerability	VCID-m6tq-7gmn-2kdy

vulnerability	VCID-n3z8-z3gf-zydq

vulnerability	VCID-ndek-xah6-47d2

vulnerability	VCID-r8q8-2grb-7ug8

vulnerability	VCID-znax-q3vq-g7cj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.3.1.RELEASE

aliases CVE-2016-5007, GHSA-8crv-49fr-2h6j

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a7rq-rmbf-t3es

url VCID-c67u-pz7u-c7bf

vulnerability_id VCID-c67u-pz7u-c7bf

summary

references

reference_url

https://access.redhat.com/errata/RHSA-2018:1320

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:1320

reference_url

https://access.redhat.com/errata/RHSA-2018:2669

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:2669

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1272.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1272.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1272

reference_id

reference_type

scores

value	0.02166
scoring_system	epss
scoring_elements	0.84728
published_at	2026-06-12T12:55:00Z

value	0.02166
scoring_system	epss
scoring_elements	0.84675
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1272

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1272
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1272

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/141286
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/141286

reference_url

https://github.com/spring-projects/spring-framework/commit/ab2410c754b67902f002bfcc0c3895bd7772d39

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/ab2410c754b67902f002bfcc0c3895bd7772d39

reference_url

https://github.com/spring-projects/spring-framework/commit/e02ff3a0da50744b0980d5d665fd242eedea767

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/e02ff3a0da50744b0980d5d665fd242eedea767

reference_url

http://www.securityfocus.com/bid/103697

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/103697

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1564408
reference_id	1564408
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1564408

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895114
reference_id	895114
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895114

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1272

reference_id

CVE-2018-1272

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1272

reference_url

https://pivotal.io/security/cve-2018-1272

reference_id

CVE-2018-1272

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://pivotal.io/security/cve-2018-1272

reference_url

https://github.com/advisories/GHSA-4487-x383-qpph

reference_id

GHSA-4487-x383-qpph

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-4487-x383-qpph

fixed_packages

url	pkg:maven/org.springframework/spring-core@4.3.15
purl	pkg:maven/org.springframework/spring-core@4.3.15
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.3.15

url pkg:maven/org.springframework/spring-core@4.3.15.RELEASE

purl pkg:maven/org.springframework/spring-core@4.3.15.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8cpe-j15y-jbdk

vulnerability	VCID-98z5-6z3z-mkf6

vulnerability	VCID-e3yh-y2av-wff3

vulnerability	VCID-m6tq-7gmn-2kdy

vulnerability	VCID-n3z8-z3gf-zydq

vulnerability	VCID-ndek-xah6-47d2

vulnerability	VCID-r8q8-2grb-7ug8

vulnerability	VCID-znax-q3vq-g7cj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.3.15.RELEASE

url	pkg:maven/org.springframework/spring-core@5.0.5
purl	pkg:maven/org.springframework/spring-core@5.0.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.0.5

url pkg:maven/org.springframework/spring-core@5.0.5.RELEASE

purl pkg:maven/org.springframework/spring-core@5.0.5.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-634d-qbv5-j7f5

vulnerability	VCID-8cpe-j15y-jbdk

vulnerability	VCID-98z5-6z3z-mkf6

vulnerability	VCID-e3yh-y2av-wff3

vulnerability	VCID-m6tq-7gmn-2kdy

vulnerability	VCID-n3z8-z3gf-zydq

vulnerability	VCID-ndek-xah6-47d2

vulnerability	VCID-r8q8-2grb-7ug8

vulnerability	VCID-v4xw-cyut-xkcj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.0.5.RELEASE

aliases CVE-2018-1272, GHSA-4487-x383-qpph

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c67u-pz7u-c7bf

url VCID-e3yh-y2av-wff3

vulnerability_id VCID-e3yh-y2av-wff3

summary In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22970.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22970.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-22970

reference_id

reference_type

scores

value	0.00164
scoring_system	epss
scoring_elements	0.37312
published_at	2026-06-12T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37134
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-22970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22970

reference_url

https://github.com/spring-projects/spring-framework

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework

reference_url

https://github.com/spring-projects/spring-framework/commit/50177b1ad3485bd44239b1756f6c14607476fcf2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/50177b1ad3485bd44239b1756f6c14607476fcf2

reference_url

https://github.com/spring-projects/spring-framework/commit/83186b689f11f5e6efe7ccc08fdeb92f66fcd583

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/83186b689f11f5e6efe7ccc08fdeb92f66fcd583

reference_url

https://security.netapp.com/advisory/ntap-20220616-0006

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220616-0006

reference_url	https://security.netapp.com/advisory/ntap-20220616-0006/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220616-0006/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2087272
reference_id	2087272
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2087272

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-22970

reference_id

CVE-2022-22970

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-22970

reference_url

https://tanzu.vmware.com/security/cve-2022-22970

reference_id

CVE-2022-22970

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://tanzu.vmware.com/security/cve-2022-22970

reference_url

https://github.com/advisories/GHSA-hh26-6xwr-ggv7

reference_id

GHSA-hh26-6xwr-ggv7

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hh26-6xwr-ggv7

reference_url	https://access.redhat.com/errata/RHSA-2022:5532
reference_id	RHSA-2022:5532
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5532

reference_url	https://access.redhat.com/errata/RHSA-2023:1661
reference_id	RHSA-2023:1661
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1661

reference_url	https://access.redhat.com/errata/RHSA-2023:3185
reference_id	RHSA-2023:3185
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3185

fixed_packages

url pkg:maven/org.springframework/spring-core@5.2.22.RELEASE

purl pkg:maven/org.springframework/spring-core@5.2.22.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-m6tq-7gmn-2kdy

vulnerability	VCID-r8q8-2grb-7ug8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.2.22.RELEASE

url pkg:maven/org.springframework/spring-core@5.3.20

purl pkg:maven/org.springframework/spring-core@5.3.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1w5g-w36x-n7cq

vulnerability	VCID-m6tq-7gmn-2kdy

vulnerability	VCID-r8q8-2grb-7ug8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.3.20

aliases CVE-2022-22970, GHSA-hh26-6xwr-ggv7

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e3yh-y2av-wff3

url VCID-m6tq-7gmn-2kdy

vulnerability_id VCID-m6tq-7gmn-2kdy

summary In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-20863.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-20863.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-20863

reference_id

reference_type

scores

value	0.01066
scoring_system	epss
scoring_elements	0.78173
published_at	2026-06-12T12:55:00Z

value	0.01066
scoring_system	epss
scoring_elements	0.78105
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-20863

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20863
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20863

reference_url

https://github.com/spring-projects/spring-framework

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework

reference_url

https://github.com/spring-projects/spring-framework/commit/965a6392757d20f9db19241126fcc719a51eac15

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/965a6392757d20f9db19241126fcc719a51eac15

reference_url

https://github.com/spring-projects/spring-framework/commit/b73f5fcac22555f844cf27a7eeb876cb9d7f7f7e

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/b73f5fcac22555f844cf27a7eeb876cb9d7f7f7e

reference_url

https://github.com/spring-projects/spring-framework/commit/ebc82654282bda547fbc20a9749ab1bda886a46f

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/ebc82654282bda547fbc20a9749ab1bda886a46f

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-20863

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-20863

reference_url

https://security.netapp.com/advisory/ntap-20240524-0015

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240524-0015

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2187742
reference_id	2187742
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2187742

reference_url

https://spring.io/security/cve-2023-20863

reference_id

cve-2023-20863

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T16:47:31Z/

url

https://spring.io/security/cve-2023-20863

reference_url

https://github.com/advisories/GHSA-wxqc-pxw9-g2p8

reference_id

GHSA-wxqc-pxw9-g2p8

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wxqc-pxw9-g2p8

reference_url

https://security.netapp.com/advisory/ntap-20240524-0015/

reference_id

ntap-20240524-0015

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T16:47:31Z/

url

https://security.netapp.com/advisory/ntap-20240524-0015/

reference_url	https://access.redhat.com/errata/RHSA-2023:2099
reference_id	RHSA-2023:2099
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2099

reference_url	https://access.redhat.com/errata/RHSA-2023:2100
reference_id	RHSA-2023:2100
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2100

fixed_packages

url	pkg:maven/org.springframework/spring-core@5.2.24.RELEASE
purl	pkg:maven/org.springframework/spring-core@5.2.24.RELEASE
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.2.24.RELEASE

url pkg:maven/org.springframework/spring-core@5.3.27

purl pkg:maven/org.springframework/spring-core@5.3.27

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1w5g-w36x-n7cq

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.3.27

url pkg:maven/org.springframework/spring-core@6.0.8

purl pkg:maven/org.springframework/spring-core@6.0.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1w5g-w36x-n7cq

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@6.0.8

aliases CVE-2023-20863, GHSA-wxqc-pxw9-g2p8

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m6tq-7gmn-2kdy

url VCID-n3z8-z3gf-zydq

vulnerability_id VCID-n3z8-z3gf-zydq

summary A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22965.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22965.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-22965

reference_id

reference_type

scores

value	0.94439
scoring_system	epss
scoring_elements	0.9999
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-22965

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22965
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22965

reference_url

https://github.com/spring-projects/spring-boot/releases/tag/v2.5.12

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-boot/releases/tag/v2.5.12

reference_url

https://github.com/spring-projects/spring-boot/releases/tag/v2.6.6

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-boot/releases/tag/v2.6.6

reference_url

https://github.com/spring-projects/spring-framework

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework

reference_url

https://github.com/spring-projects/spring-framework/commit/002546b3e4b8d791ea6acccb81eb3168f51abb15

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/002546b3e4b8d791ea6acccb81eb3168f51abb15

reference_url

https://github.com/spring-projects/spring-framework/releases/tag/v5.2.20.RELEASE

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/releases/tag/v5.2.20.RELEASE

reference_url

https://github.com/spring-projects/spring-framework/releases/tag/v5.3.18

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/releases/tag/v5.3.18

reference_url

https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement

reference_url	https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement#suggested-workarounds
reference_id
reference_type
scores
url	https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement#suggested-workarounds

reference_url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22965

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22965

reference_url

https://www.kb.cert.org/vuls/id/970766

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.kb.cert.org/vuls/id/970766

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2070348
reference_id	2070348
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2070348

reference_url

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67

reference_id

cisco-sa-java-spring-rce-Zx9GUc67

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T17:52:10Z/

url

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

cpuapr2022.html

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T17:52:10Z/

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

cpujul2022.html

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T17:52:10Z/

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://tanzu.vmware.com/security/cve-2022-22965

reference_id

cve-2022-22965

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T17:52:10Z/

url

https://tanzu.vmware.com/security/cve-2022-22965

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-22965

reference_id

CVE-2022-22965

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-22965

reference_url

https://github.com/advisories/GHSA-36p3-wjmg-h94x

reference_id

GHSA-36p3-wjmg-h94x

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-36p3-wjmg-h94x

reference_url	https://access.redhat.com/errata/RHSA-2022:1306
reference_id	RHSA-2022:1306
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1306

reference_url	https://access.redhat.com/errata/RHSA-2022:1333
reference_id	RHSA-2022:1333
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1333

reference_url	https://access.redhat.com/errata/RHSA-2022:1360
reference_id	RHSA-2022:1360
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1360

reference_url	https://access.redhat.com/errata/RHSA-2022:1378
reference_id	RHSA-2022:1378
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1378

reference_url	https://access.redhat.com/errata/RHSA-2022:1379
reference_id	RHSA-2022:1379
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1379

reference_url	https://access.redhat.com/errata/RHSA-2022:1626
reference_id	RHSA-2022:1626
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1626

reference_url	https://access.redhat.com/errata/RHSA-2022:1627
reference_id	RHSA-2022:1627
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1627

reference_url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005

reference_id

SNWLID-2022-0005

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T17:52:10Z/

url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005

reference_url

http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html

reference_id

Spring4Shell-Code-Execution.html

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T17:52:10Z/

url

http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html

reference_url

http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html

reference_id

Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T17:52:10Z/

url

http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html

reference_url

https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf

reference_id

ssa-254054.pdf

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T17:52:10Z/

url

https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf

reference_url	https://usn.ubuntu.com/7165-1/
reference_id	USN-7165-1
reference_type
scores
url	https://usn.ubuntu.com/7165-1/

fixed_packages

url	pkg:maven/org.springframework/spring-core@5.2.20
purl	pkg:maven/org.springframework/spring-core@5.2.20
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.2.20

url pkg:maven/org.springframework/spring-core@5.2.20.RELEASE

purl pkg:maven/org.springframework/spring-core@5.2.20.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8cpe-j15y-jbdk

vulnerability	VCID-98z5-6z3z-mkf6

vulnerability	VCID-e3yh-y2av-wff3

vulnerability	VCID-m6tq-7gmn-2kdy

vulnerability	VCID-r8q8-2grb-7ug8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.2.20.RELEASE

url pkg:maven/org.springframework/spring-core@5.3.18

purl pkg:maven/org.springframework/spring-core@5.3.18

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1w5g-w36x-n7cq

vulnerability	VCID-8cpe-j15y-jbdk

vulnerability	VCID-98z5-6z3z-mkf6

vulnerability	VCID-e3yh-y2av-wff3

vulnerability	VCID-m6tq-7gmn-2kdy

vulnerability	VCID-r8q8-2grb-7ug8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.3.18

aliases CVE-2022-22965, GHSA-36p3-wjmg-h94x, GMS-2022-558, GMS-2022-559, GMS-2022-560, GMS-2022-561

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n3z8-z3gf-zydq

url VCID-ndek-xah6-47d2

vulnerability_id VCID-ndek-xah6-47d2

summary In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5421.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5421.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-5421

reference_id

reference_type

scores

value	0.63828
scoring_system	epss
scoring_elements	0.98447
published_at	2026-06-11T12:55:00Z

value	0.63828
scoring_system	epss
scoring_elements	0.98453
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-5421

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5421
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5421

reference_url

https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163@%3Ccommits.ambari.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163@%3Ccommits.ambari.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a@%3Cissues.ambari.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a@%3Cissues.ambari.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r3589ed0d18edeb79028615080d5a0e8878856436bb91774a3196d9eb@%3Ccommits.pulsar.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r3589ed0d18edeb79028615080d5a0e8878856436bb91774a3196d9eb@%3Ccommits.pulsar.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r503e64b43a57fd68229cac4a869d1a9a2eac9e75f8719cad3a840211@%3Ccommits.pulsar.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r503e64b43a57fd68229cac4a869d1a9a2eac9e75f8719cad3a840211@%3Ccommits.pulsar.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b729ac5@%3Cissues.ambari.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b729ac5@%3Cissues.ambari.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r7e6a213eea7f04fc6d9e3bd6eb8d68c4df92a22e956e95cb2c482865@%3Cissues.hive.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r7e6a213eea7f04fc6d9e3bd6eb8d68c4df92a22e956e95cb2c482865@%3Cissues.hive.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf7ae33a@%3Cdev.ambari.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf7ae33a@%3Cdev.ambari.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r918caad55dcc640a16753b00d8d6acb90b4e36de4b6156d0867246ec@%3Ccommits.pulsar.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r918caad55dcc640a16753b00d8d6acb90b4e36de4b6156d0867246ec@%3Ccommits.pulsar.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35ede81e1@%3Cdev.ambari.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35ede81e1@%3Cdev.ambari.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ra889d95141059c6cbe77dd80249bb488ae53b274b5f3abad09d9511d@%3Cuser.ignite.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ra889d95141059c6cbe77dd80249bb488ae53b274b5f3abad09d9511d@%3Cuser.ignite.apache.org%3E

reference_url

https://lists.apache.org/thread.html/raf7ca57033e537e4f9d7df7f192fa6968c1e49409b2348e08d807ccb@%3Cuser.ignite.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/raf7ca57033e537e4f9d7df7f192fa6968c1e49409b2348e08d807ccb@%3Cuser.ignite.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb18ed999153ef0f0cb7af03efe0046c42c7242fd77fbd884a75ecfdc@%3Ccommits.pulsar.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb18ed999153ef0f0cb7af03efe0046c42c7242fd77fbd884a75ecfdc@%3Ccommits.pulsar.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rc9efaf6db98bee19db1bc911d0fa442287dac5cb229d4aaa08b6a13d@%3Cissues.hive.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rc9efaf6db98bee19db1bc911d0fa442287dac5cb229d4aaa08b6a13d@%3Cissues.hive.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rd462a8b0dfab4c15e67c0672cd3c211ecd0e4f018f824082ed54f665@%3Cissues.hive.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rd462a8b0dfab4c15e67c0672cd3c211ecd0e4f018f824082ed54f665@%3Cissues.hive.apache.org%3E

reference_url

https://lists.apache.org/thread.html/re014a49d77f038ba70e5e9934d400af6653e8c9ac110d32b1254127e@%3Cdev.ranger.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/re014a49d77f038ba70e5e9934d400af6653e8c9ac110d32b1254127e@%3Cdev.ranger.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf00d8f4101a1c1ea4de6ea1e09ddf7472cfd306745c90d6da87ae074@%3Cdev.hive.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf00d8f4101a1c1ea4de6ea1e09ddf7472cfd306745c90d6da87ae074@%3Cdev.hive.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-5421

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-5421

reference_url

https://security.netapp.com/advisory/ntap-20210513-0009

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210513-0009

reference_url	https://security.netapp.com/advisory/ntap-20210513-0009/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210513-0009/

reference_url

https://tanzu.vmware.com/security/cve-2020-5421

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://tanzu.vmware.com/security/cve-2020-5421

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1881158
reference_id	1881158
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1881158

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973381
reference_id	973381
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973381

reference_url

https://github.com/advisories/GHSA-rv39-3qh7-9v7w

reference_id

GHSA-rv39-3qh7-9v7w

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rv39-3qh7-9v7w

reference_url	https://access.redhat.com/errata/RHSA-2021:3140
reference_id	RHSA-2021:3140
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3140

fixed_packages

url pkg:maven/org.springframework/spring-core@4.2.9.RELEASE

purl pkg:maven/org.springframework/spring-core@4.2.9.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8cpe-j15y-jbdk

vulnerability	VCID-8ge5-5c1e-7yeg

vulnerability	VCID-98z5-6z3z-mkf6

vulnerability	VCID-a7rq-rmbf-t3es

vulnerability	VCID-c67u-pz7u-c7bf

vulnerability	VCID-e3yh-y2av-wff3

vulnerability	VCID-m6tq-7gmn-2kdy

vulnerability	VCID-n3z8-z3gf-zydq

vulnerability	VCID-r8q8-2grb-7ug8

vulnerability	VCID-v4xw-cyut-xkcj

vulnerability	VCID-znax-q3vq-g7cj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.2.9.RELEASE

url pkg:maven/org.springframework/spring-core@4.3.28.RELEASE

purl pkg:maven/org.springframework/spring-core@4.3.28.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8cpe-j15y-jbdk

vulnerability	VCID-98z5-6z3z-mkf6

vulnerability	VCID-e3yh-y2av-wff3

vulnerability	VCID-m6tq-7gmn-2kdy

vulnerability	VCID-n3z8-z3gf-zydq

vulnerability	VCID-r8q8-2grb-7ug8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.3.28.RELEASE

url pkg:maven/org.springframework/spring-core@4.3.29.RELEASE

purl pkg:maven/org.springframework/spring-core@4.3.29.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8cpe-j15y-jbdk

vulnerability	VCID-98z5-6z3z-mkf6

vulnerability	VCID-e3yh-y2av-wff3

vulnerability	VCID-m6tq-7gmn-2kdy

vulnerability	VCID-n3z8-z3gf-zydq

vulnerability	VCID-r8q8-2grb-7ug8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.3.29.RELEASE

url pkg:maven/org.springframework/spring-core@5.0.18.RELEASE

purl pkg:maven/org.springframework/spring-core@5.0.18.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8cpe-j15y-jbdk

vulnerability	VCID-98z5-6z3z-mkf6

vulnerability	VCID-e3yh-y2av-wff3

vulnerability	VCID-m6tq-7gmn-2kdy

vulnerability	VCID-n3z8-z3gf-zydq

vulnerability	VCID-r8q8-2grb-7ug8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.0.18.RELEASE

url pkg:maven/org.springframework/spring-core@5.0.19.RELEASE

purl pkg:maven/org.springframework/spring-core@5.0.19.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8cpe-j15y-jbdk

vulnerability	VCID-98z5-6z3z-mkf6

vulnerability	VCID-e3yh-y2av-wff3

vulnerability	VCID-m6tq-7gmn-2kdy

vulnerability	VCID-n3z8-z3gf-zydq

vulnerability	VCID-r8q8-2grb-7ug8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.0.19.RELEASE

url pkg:maven/org.springframework/spring-core@5.1.17.RELEASE

purl pkg:maven/org.springframework/spring-core@5.1.17.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8cpe-j15y-jbdk

vulnerability	VCID-98z5-6z3z-mkf6

vulnerability	VCID-e3yh-y2av-wff3

vulnerability	VCID-m6tq-7gmn-2kdy

vulnerability	VCID-n3z8-z3gf-zydq

vulnerability	VCID-r8q8-2grb-7ug8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.1.17.RELEASE

url pkg:maven/org.springframework/spring-core@5.1.18.RELEASE

purl pkg:maven/org.springframework/spring-core@5.1.18.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8cpe-j15y-jbdk

vulnerability	VCID-98z5-6z3z-mkf6

vulnerability	VCID-e3yh-y2av-wff3

vulnerability	VCID-m6tq-7gmn-2kdy

vulnerability	VCID-n3z8-z3gf-zydq

vulnerability	VCID-r8q8-2grb-7ug8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.1.18.RELEASE

url pkg:maven/org.springframework/spring-core@5.2.8.RELEASE

purl pkg:maven/org.springframework/spring-core@5.2.8.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8cpe-j15y-jbdk

vulnerability	VCID-98z5-6z3z-mkf6

vulnerability	VCID-e3yh-y2av-wff3

vulnerability	VCID-eay2-n7ub-jkg7

vulnerability	VCID-m6tq-7gmn-2kdy

vulnerability	VCID-n3z8-z3gf-zydq

vulnerability	VCID-r8q8-2grb-7ug8

vulnerability	VCID-snp1-wade-sufb

vulnerability	VCID-y99q-rpww-k3df

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.2.8.RELEASE

url pkg:maven/org.springframework/spring-core@5.2.9.RELEASE

purl pkg:maven/org.springframework/spring-core@5.2.9.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8cpe-j15y-jbdk

vulnerability	VCID-98z5-6z3z-mkf6

vulnerability	VCID-e3yh-y2av-wff3

vulnerability	VCID-eay2-n7ub-jkg7

vulnerability	VCID-m6tq-7gmn-2kdy

vulnerability	VCID-n3z8-z3gf-zydq

vulnerability	VCID-r8q8-2grb-7ug8

vulnerability	VCID-snp1-wade-sufb

vulnerability	VCID-y99q-rpww-k3df

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.2.9.RELEASE

aliases CVE-2020-5421, GHSA-rv39-3qh7-9v7w

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ndek-xah6-47d2

url VCID-p2zg-2mb2-jqck

vulnerability_id VCID-p2zg-2mb2-jqck

summary Spring Framework Inefficient Regular Expression Complexity

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1190.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1190.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2009-1190

reference_id

reference_type

scores

value	0.01381
scoring_system	epss
scoring_elements	0.80694
published_at	2026-06-11T12:55:00Z

value	0.01381
scoring_system	epss
scoring_elements	0.80755
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2009-1190

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=497161

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=497161

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/50083

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/50083

reference_url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1190
reference_id
reference_type
scores
url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1190

reference_url

http://www.packetstormsecurity.org/hitb06/DAY_1_-_Marc_Schoenefeld_-_Pentesting_Java_J2EE.pdf

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.packetstormsecurity.org/hitb06/DAY_1_-_Marc_Schoenefeld_-_Pentesting_Java_J2EE.pdf

reference_url

http://www.springsource.com/securityadvisory

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.springsource.com/securityadvisory

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2009-1190

reference_id

CVE-2009-1190

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2009-1190

reference_url	http://support.springsource.com/security/cve-2009-1190
reference_id	CVE-2009-1190
reference_type
scores
url	http://support.springsource.com/security/cve-2009-1190

reference_url

https://github.com/advisories/GHSA-wjjr-h4wh-w6vv

reference_id

GHSA-wjjr-h4wh-w6vv

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wjjr-h4wh-w6vv

fixed_packages

url pkg:maven/org.springframework/spring-core@2.5.6.SEC01

purl pkg:maven/org.springframework/spring-core@2.5.6.SEC01

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5t2c-vayx-2fe4

vulnerability	VCID-5unr-uxny-rfdm

vulnerability	VCID-8cpe-j15y-jbdk

vulnerability	VCID-98z5-6z3z-mkf6

vulnerability	VCID-a7rq-rmbf-t3es

vulnerability	VCID-c67u-pz7u-c7bf

vulnerability	VCID-e3yh-y2av-wff3

vulnerability	VCID-m6tq-7gmn-2kdy

vulnerability	VCID-n3z8-z3gf-zydq

vulnerability	VCID-ndek-xah6-47d2

vulnerability	VCID-r8q8-2grb-7ug8

vulnerability	VCID-rdaq-2d1v-cua2

vulnerability	VCID-sw3u-a2s1-23b7

vulnerability	VCID-znax-q3vq-g7cj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@2.5.6.SEC01

url pkg:maven/org.springframework/spring-core@3.0.0.RELEASE

purl pkg:maven/org.springframework/spring-core@3.0.0.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-22s9-d1rk-23dn

vulnerability	VCID-5t2c-vayx-2fe4

vulnerability	VCID-5unr-uxny-rfdm

vulnerability	VCID-8cpe-j15y-jbdk

vulnerability	VCID-98z5-6z3z-mkf6

vulnerability	VCID-a7rq-rmbf-t3es

vulnerability	VCID-c67u-pz7u-c7bf

vulnerability	VCID-e3yh-y2av-wff3

vulnerability	VCID-m6tq-7gmn-2kdy

vulnerability	VCID-n3z8-z3gf-zydq

vulnerability	VCID-ndek-xah6-47d2

vulnerability	VCID-r8q8-2grb-7ug8

vulnerability	VCID-rdaq-2d1v-cua2

vulnerability	VCID-sw3u-a2s1-23b7

vulnerability	VCID-vvv9-hpac-sqf6

vulnerability	VCID-znax-q3vq-g7cj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@3.0.0.RELEASE

url pkg:maven/org.springframework/spring-core@3.0.1.RELEASE

purl pkg:maven/org.springframework/spring-core@3.0.1.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-22s9-d1rk-23dn

vulnerability	VCID-5t2c-vayx-2fe4

vulnerability	VCID-5unr-uxny-rfdm

vulnerability	VCID-8cpe-j15y-jbdk

vulnerability	VCID-98z5-6z3z-mkf6

vulnerability	VCID-a7rq-rmbf-t3es

vulnerability	VCID-c67u-pz7u-c7bf

vulnerability	VCID-e3yh-y2av-wff3

vulnerability	VCID-m6tq-7gmn-2kdy

vulnerability	VCID-n3z8-z3gf-zydq

vulnerability	VCID-ndek-xah6-47d2

vulnerability	VCID-r8q8-2grb-7ug8

vulnerability	VCID-rdaq-2d1v-cua2

vulnerability	VCID-sw3u-a2s1-23b7

vulnerability	VCID-vvv9-hpac-sqf6

vulnerability	VCID-znax-q3vq-g7cj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@3.0.1.RELEASE

aliases CVE-2009-1190, GHSA-wjjr-h4wh-w6vv

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p2zg-2mb2-jqck

url VCID-r8q8-2grb-7ug8

vulnerability_id VCID-r8q8-2grb-7ug8

summary In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-20861.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-20861.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-20861

reference_id

reference_type

scores

value	0.00542
scoring_system	epss
scoring_elements	0.68239
published_at	2026-06-12T12:55:00Z

value	0.00542
scoring_system	epss
scoring_elements	0.6815
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-20861

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20861
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20861

reference_url

https://github.com/spring-projects/spring-framework

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework

reference_url

https://github.com/spring-projects/spring-framework/commit/430fc25acad2e85cbdddcd52b64481691f03ebd1

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/430fc25acad2e85cbdddcd52b64481691f03ebd1

reference_url

https://github.com/spring-projects/spring-framework/commit/52c93b1c4b24d70de233a958e60e7c5822bd274f

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/52c93b1c4b24d70de233a958e60e7c5822bd274f

reference_url

https://github.com/spring-projects/spring-framework/commit/935c29e3ddba5b19951e54f6685c70ed45d9cbe5

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/935c29e3ddba5b19951e54f6685c70ed45d9cbe5

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-20861

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-20861

reference_url

https://security.netapp.com/advisory/ntap-20230420-0007

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20230420-0007

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2180530
reference_id	2180530
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2180530

reference_url

https://spring.io/security/cve-2023-20861

reference_id

cve-2023-20861

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T15:31:28Z/

url

https://spring.io/security/cve-2023-20861

reference_url

https://github.com/advisories/GHSA-564r-hj7v-mcr5

reference_id

GHSA-564r-hj7v-mcr5

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-564r-hj7v-mcr5

reference_url

https://security.netapp.com/advisory/ntap-20230420-0007/

reference_id

ntap-20230420-0007

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T15:31:28Z/

url

https://security.netapp.com/advisory/ntap-20230420-0007/

reference_url	https://access.redhat.com/errata/RHSA-2023:2100
reference_id	RHSA-2023:2100
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2100

reference_url	https://access.redhat.com/errata/RHSA-2023:3185
reference_id	RHSA-2023:3185
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3185

reference_url	https://access.redhat.com/errata/RHSA-2023:3610
reference_id	RHSA-2023:3610
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3610

reference_url	https://access.redhat.com/errata/RHSA-2023:3622
reference_id	RHSA-2023:3622
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3622

reference_url	https://access.redhat.com/errata/RHSA-2023:3771
reference_id	RHSA-2023:3771
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3771

reference_url	https://access.redhat.com/errata/RHSA-2023:3954
reference_id	RHSA-2023:3954
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3954

reference_url	https://access.redhat.com/errata/RHSA-2023:4612
reference_id	RHSA-2023:4612
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4612

reference_url	https://access.redhat.com/errata/RHSA-2023:4983
reference_id	RHSA-2023:4983
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4983

reference_url	https://access.redhat.com/errata/RHSA-2024:0778
reference_id	RHSA-2024:0778
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0778

fixed_packages

url pkg:maven/org.springframework/spring-core@5.2.23.RELEASE

purl pkg:maven/org.springframework/spring-core@5.2.23.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-m6tq-7gmn-2kdy

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.2.23.RELEASE

url pkg:maven/org.springframework/spring-core@5.3.26

purl pkg:maven/org.springframework/spring-core@5.3.26

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1w5g-w36x-n7cq

vulnerability	VCID-m6tq-7gmn-2kdy

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.3.26

url pkg:maven/org.springframework/spring-core@6.0.7

purl pkg:maven/org.springframework/spring-core@6.0.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1w5g-w36x-n7cq

vulnerability	VCID-m6tq-7gmn-2kdy

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@6.0.7

aliases CVE-2023-20861, GHSA-564r-hj7v-mcr5

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r8q8-2grb-7ug8

url VCID-rdaq-2d1v-cua2

vulnerability_id VCID-rdaq-2d1v-cua2

summary

references

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162015.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162015.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162017.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162017.html

reference_url

http://rhn.redhat.com/errata/RHSA-2016-1592.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-1592.html

reference_url

http://rhn.redhat.com/errata/RHSA-2016-1593.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-1593.html

reference_url

https://access.redhat.com/errata/RHSA-2016:1218

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2016:1218

reference_url

https://access.redhat.com/errata/RHSA-2016:1219

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2016:1219

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3192.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3192.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-3192

reference_id

reference_type

scores

value	0.01378
scoring_system	epss
scoring_elements	0.80734
published_at	2026-06-12T12:55:00Z

value	0.01378
scoring_system	epss
scoring_elements	0.80674
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-3192

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3192
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3192

reference_url

https://github.com/spring-projects/spring-framework

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework

reference_url

https://github.com/spring-projects/spring-framework/commit/0411435bac835de88a80a64b3f67b1b89244e907

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/0411435bac835de88a80a64b3f67b1b89244e907

reference_url

https://github.com/spring-projects/spring-framework/commit/38b8262e1e2db9be9d2171d81547da5c65ba7e09

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/38b8262e1e2db9be9d2171d81547da5c65ba7e09

reference_url	https://github.com/spring-projects/spring-framework/commit/5a711c05ec750f069235597173084c2ee796242
reference_id
reference_type
scores
url	https://github.com/spring-projects/spring-framework/commit/5a711c05ec750f069235597173084c2ee796242

reference_url

https://github.com/spring-projects/spring-framework/commit/5a711c05ec750f069235597173084c2ee7962424

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/5a711c05ec750f069235597173084c2ee7962424

reference_url

https://github.com/spring-projects/spring-framework/commit/9c3580d04e84d25a90ef4c249baee1b4e02df15e

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/9c3580d04e84d25a90ef4c249baee1b4e02df15e

reference_url

https://github.com/spring-projects/spring-framework/commit/d79ec68db40c381b8e205af52748ebd3163ee33b

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/d79ec68db40c381b8e205af52748ebd3163ee33b

reference_url

https://github.com/spring-projects/spring-framework/commit/e4651d6b50c5bc85c84ff537859c212ac4e33434

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/e4651d6b50c5bc85c84ff537859c212ac4e33434

reference_url

https://github.com/spring-projects/spring-framework/issues/17727

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/issues/17727

reference_url

https://github.com/spring-projects/spring-framework/issues/20352

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/issues/20352

reference_url

https://jira.spring.io/browse/SPR-13136

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://jira.spring.io/browse/SPR-13136

reference_url

https://jira.spring.io/browse/SPR-13136?redirect=false

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://jira.spring.io/browse/SPR-13136?redirect=false

reference_url

https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html

reference_url

http://www.securityfocus.com/bid/90853

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/90853

reference_url

http://www.securitytracker.com/id/1036587

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securitytracker.com/id/1036587

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1239002
reference_id	1239002
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1239002

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796137
reference_id	796137
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796137

reference_url	http://pivotal.io/security/cve-2015-3192
reference_id	CVE-2015-3192
reference_type
scores
url	http://pivotal.io/security/cve-2015-3192

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-3192

reference_id

CVE-2015-3192

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-3192

reference_url

https://spring.io/security/cve-2015-3192

reference_id

CVE-2015-3192

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://spring.io/security/cve-2015-3192

reference_url

https://github.com/advisories/GHSA-6v7w-535j-rq5m

reference_id

GHSA-6v7w-535j-rq5m

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-6v7w-535j-rq5m

reference_url	https://access.redhat.com/errata/RHSA-2016:1592
reference_id	RHSA-2016:1592
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1592

reference_url	https://access.redhat.com/errata/RHSA-2016:1593
reference_id	RHSA-2016:1593
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1593

reference_url	https://access.redhat.com/errata/RHSA-2016:2035
reference_id	RHSA-2016:2035
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2035

reference_url	https://access.redhat.com/errata/RHSA-2016:2036
reference_id	RHSA-2016:2036
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2036

reference_url	https://usn.ubuntu.com/USN-4774-1/
reference_id	USN-USN-4774-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4774-1/

fixed_packages

url	pkg:maven/org.springframework/spring-core@3.2.14
purl	pkg:maven/org.springframework/spring-core@3.2.14
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@3.2.14

url pkg:maven/org.springframework/spring-core@3.2.14.RELEASE

purl pkg:maven/org.springframework/spring-core@3.2.14.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5unr-uxny-rfdm

vulnerability	VCID-8cpe-j15y-jbdk

vulnerability	VCID-98z5-6z3z-mkf6

vulnerability	VCID-a7rq-rmbf-t3es

vulnerability	VCID-c67u-pz7u-c7bf

vulnerability	VCID-e3yh-y2av-wff3

vulnerability	VCID-m6tq-7gmn-2kdy

vulnerability	VCID-n3z8-z3gf-zydq

vulnerability	VCID-ndek-xah6-47d2

vulnerability	VCID-r8q8-2grb-7ug8

vulnerability	VCID-znax-q3vq-g7cj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@3.2.14.RELEASE

url	pkg:maven/org.springframework/spring-core@4.1.7
purl	pkg:maven/org.springframework/spring-core@4.1.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.1.7

url pkg:maven/org.springframework/spring-core@4.1.7.RELEASE

purl pkg:maven/org.springframework/spring-core@4.1.7.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8cpe-j15y-jbdk

vulnerability	VCID-98z5-6z3z-mkf6

vulnerability	VCID-a7rq-rmbf-t3es

vulnerability	VCID-c67u-pz7u-c7bf

vulnerability	VCID-e3yh-y2av-wff3

vulnerability	VCID-m6tq-7gmn-2kdy

vulnerability	VCID-n3z8-z3gf-zydq

vulnerability	VCID-ndek-xah6-47d2

vulnerability	VCID-r8q8-2grb-7ug8

vulnerability	VCID-znax-q3vq-g7cj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.1.7.RELEASE

aliases CVE-2015-3192, GHSA-6v7w-535j-rq5m

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rdaq-2d1v-cua2

url VCID-znax-q3vq-g7cj

vulnerability_id VCID-znax-q3vq-g7cj

summary

references

reference_url

https://access.redhat.com/errata/RHSA-2018:1320

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:1320

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1275.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1275.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1275

reference_id

reference_type

scores

value	0.38064
scoring_system	epss
scoring_elements	0.97325
published_at	2026-06-12T12:55:00Z

value	0.38064
scoring_system	epss
scoring_elements	0.97318
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1275

reference_url

https://github.com/spring-projects/spring-framework

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework

reference_url

https://github.com/spring-projects/spring-framework/commit/0009806debb578e884f6dc98bd1f2dc668020021

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/0009806debb578e884f6dc98bd1f2dc668020021

reference_url	https://github.com/spring-projects/spring-framework/commit/1db7e02de3eb0c011ee6681f5a12eb9d166fea8
reference_id
reference_type
scores
url	https://github.com/spring-projects/spring-framework/commit/1db7e02de3eb0c011ee6681f5a12eb9d166fea8

reference_url	https://github.com/spring-projects/spring-framework/commit/d3acf45ea4db51fa5c4cbd0bc0e7b6d9ef805e6
reference_id
reference_type
scores
url	https://github.com/spring-projects/spring-framework/commit/d3acf45ea4db51fa5c4cbd0bc0e7b6d9ef805e6

reference_url

https://github.com/spring-projects/spring-framework/commit/e0de9126ed8cf25cf141d3e66420da94e350708a

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/e0de9126ed8cf25cf141d3e66420da94e350708a

reference_url

https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe@%3Cissues.activemq.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe@%3Cissues.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c@%3Cissues.activemq.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c@%3Cissues.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369@%3Cissues.activemq.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369@%3Cissues.activemq.apache.org%3E

reference_url

https://web.archive.org/web/20190901081835/http://www.securitytracker.com/id/1041301

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20190901081835/http://www.securitytracker.com/id/1041301

reference_url

https://web.archive.org/web/20200227033125/http://www.securityfocus.com/bid/103771

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227033125/http://www.securityfocus.com/bid/103771

reference_url	http://www.securityfocus.com/bid/103771
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/103771

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1565307
reference_id	1565307
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1565307

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1275

reference_id

CVE-2018-1275

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1275

reference_url

https://pivotal.io/security/cve-2018-1275

reference_id

CVE-2018-1275

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://pivotal.io/security/cve-2018-1275

reference_url

https://github.com/advisories/GHSA-3rmv-2pg5-xvqj

reference_id

GHSA-3rmv-2pg5-xvqj

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3rmv-2pg5-xvqj

reference_url

https://access.redhat.com/errata/RHSA-2018:2939

reference_id

RHSA-2018:2939

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:2939

fixed_packages

url	pkg:maven/org.springframework/spring-core@4.3.16
purl	pkg:maven/org.springframework/spring-core@4.3.16
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.3.16

url pkg:maven/org.springframework/spring-core@4.3.16.RELEASE

purl pkg:maven/org.springframework/spring-core@4.3.16.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8cpe-j15y-jbdk

vulnerability	VCID-98z5-6z3z-mkf6

vulnerability	VCID-e3yh-y2av-wff3

vulnerability	VCID-m6tq-7gmn-2kdy

vulnerability	VCID-n3z8-z3gf-zydq

vulnerability	VCID-ndek-xah6-47d2

vulnerability	VCID-r8q8-2grb-7ug8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.3.16.RELEASE

url	pkg:maven/org.springframework/spring-core@5.0.5
purl	pkg:maven/org.springframework/spring-core@5.0.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.0.5

url pkg:maven/org.springframework/spring-core@5.0.5.RELEASE

purl pkg:maven/org.springframework/spring-core@5.0.5.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-634d-qbv5-j7f5

vulnerability	VCID-8cpe-j15y-jbdk

vulnerability	VCID-98z5-6z3z-mkf6

vulnerability	VCID-e3yh-y2av-wff3

vulnerability	VCID-m6tq-7gmn-2kdy

vulnerability	VCID-n3z8-z3gf-zydq

vulnerability	VCID-ndek-xah6-47d2

vulnerability	VCID-r8q8-2grb-7ug8

vulnerability	VCID-v4xw-cyut-xkcj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.0.5.RELEASE

aliases CVE-2018-1275, GHSA-3rmv-2pg5-xvqj

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-znax-q3vq-g7cj

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@1.1.5

Package Instance