Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.springframework/spring-core@5.0.17.RELEASE

Type maven

Namespace org.springframework

Name spring-core

Version 5.0.17.RELEASE

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 5.2.24.RELEASE

Latest_non_vulnerable_version 6.2.11

Affected_by_vulnerabilities

url VCID-8cpe-j15y-jbdk

vulnerability_id VCID-8cpe-j15y-jbdk

summary In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22971.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22971.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-22971

reference_id

reference_type

scores

value	0.00247
scoring_system	epss
scoring_elements	0.4821
published_at	2026-06-11T12:55:00Z

value	0.00247
scoring_system	epss
scoring_elements	0.48364
published_at	2026-06-13T12:55:00Z

value	0.00247
scoring_system	epss
scoring_elements	0.48347
published_at	2026-06-12T12:55:00Z

value	0.00247
scoring_system	epss
scoring_elements	0.4835
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-22971

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22971
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22971

reference_url

https://github.com/spring-projects/spring-framework

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework

reference_url

https://github.com/spring-projects/spring-framework/commit/159a99bbafdd6c01871228113d7042c3f83f360f

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/159a99bbafdd6c01871228113d7042c3f83f360f

reference_url

https://github.com/spring-projects/spring-framework/commit/dc2947c52df18d5e99cad03383f7d6ba13d031fd

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/dc2947c52df18d5e99cad03383f7d6ba13d031fd

reference_url

https://security.netapp.com/advisory/ntap-20220616-0003

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220616-0003

reference_url	https://security.netapp.com/advisory/ntap-20220616-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220616-0003/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2087274
reference_id	2087274
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2087274

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-22971

reference_id

CVE-2022-22971

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-22971

reference_url

https://tanzu.vmware.com/security/cve-2022-22971

reference_id

CVE-2022-22971

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://tanzu.vmware.com/security/cve-2022-22971

reference_url

https://github.com/advisories/GHSA-rqph-vqwm-22vc

reference_id

GHSA-rqph-vqwm-22vc

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rqph-vqwm-22vc

reference_url	https://access.redhat.com/errata/RHSA-2022:5532
reference_id	RHSA-2022:5532
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5532

reference_url	https://access.redhat.com/errata/RHSA-2023:1661
reference_id	RHSA-2023:1661
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1661

reference_url	https://access.redhat.com/errata/RHSA-2023:3185
reference_id	RHSA-2023:3185
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3185

fixed_packages

url pkg:maven/org.springframework/spring-core@5.2.22.RELEASE

purl pkg:maven/org.springframework/spring-core@5.2.22.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-m6tq-7gmn-2kdy

vulnerability	VCID-r8q8-2grb-7ug8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.2.22.RELEASE

url pkg:maven/org.springframework/spring-core@5.3.20

purl pkg:maven/org.springframework/spring-core@5.3.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1w5g-w36x-n7cq

vulnerability	VCID-m6tq-7gmn-2kdy

vulnerability	VCID-r8q8-2grb-7ug8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.3.20

aliases CVE-2022-22971, GHSA-rqph-vqwm-22vc

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8cpe-j15y-jbdk

url VCID-98z5-6z3z-mkf6

vulnerability_id VCID-98z5-6z3z-mkf6

summary Improper handling of case sensitivity in Spring Framework

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22968.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22968.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-22968

reference_id

reference_type

scores

value	0.2051
scoring_system	epss
scoring_elements	0.95708
published_at	2026-06-13T12:55:00Z

value	0.2051
scoring_system	epss
scoring_elements	0.95694
published_at	2026-06-11T12:55:00Z

value	0.2051
scoring_system	epss
scoring_elements	0.95707
published_at	2026-06-12T12:55:00Z

value	0.2051
scoring_system	epss
scoring_elements	0.9571
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-22968

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22968
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22968

reference_url

https://github.com/spring-projects/spring-framework

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework

reference_url

https://github.com/spring-projects/spring-framework/commit/833e750175349ab4fd502109a8b41af77e25cdea

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/833e750175349ab4fd502109a8b41af77e25cdea

reference_url

https://github.com/spring-projects/spring-framework/commit/a7cf19cec5ebd270f97a194d749e2d5701ad2ab7

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/a7cf19cec5ebd270f97a194d749e2d5701ad2ab7

reference_url

https://security.netapp.com/advisory/ntap-20220602-0004

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220602-0004

reference_url	https://security.netapp.com/advisory/ntap-20220602-0004/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220602-0004/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2075441
reference_id	2075441
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2075441

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-22968

reference_id

CVE-2022-22968

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-22968

reference_url

https://tanzu.vmware.com/security/cve-2022-22968

reference_id

CVE-2022-22968

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://tanzu.vmware.com/security/cve-2022-22968

reference_url

https://github.com/advisories/GHSA-g5mm-vmx4-3rg7

reference_id

GHSA-g5mm-vmx4-3rg7

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-g5mm-vmx4-3rg7

reference_url	https://access.redhat.com/errata/RHSA-2022:5101
reference_id	RHSA-2022:5101
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5101

reference_url	https://access.redhat.com/errata/RHSA-2022:5532
reference_id	RHSA-2022:5532
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5532

fixed_packages

url	pkg:maven/org.springframework/spring-core@5.2.21
purl	pkg:maven/org.springframework/spring-core@5.2.21
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.2.21

url pkg:maven/org.springframework/spring-core@5.2.21.RELEASE

purl pkg:maven/org.springframework/spring-core@5.2.21.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8cpe-j15y-jbdk

vulnerability	VCID-e3yh-y2av-wff3

vulnerability	VCID-m6tq-7gmn-2kdy

vulnerability	VCID-r8q8-2grb-7ug8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.2.21.RELEASE

url pkg:maven/org.springframework/spring-core@5.3.19

purl pkg:maven/org.springframework/spring-core@5.3.19

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1w5g-w36x-n7cq

vulnerability	VCID-8cpe-j15y-jbdk

vulnerability	VCID-e3yh-y2av-wff3

vulnerability	VCID-m6tq-7gmn-2kdy

vulnerability	VCID-r8q8-2grb-7ug8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.3.19

aliases CVE-2022-22968, GHSA-g5mm-vmx4-3rg7

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-98z5-6z3z-mkf6

url VCID-e3yh-y2av-wff3

vulnerability_id VCID-e3yh-y2av-wff3

summary In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22970.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22970.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-22970

reference_id

reference_type

scores

value	0.00164
scoring_system	epss
scoring_elements	0.37134
published_at	2026-06-11T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37337
published_at	2026-06-13T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37312
published_at	2026-06-12T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37322
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-22970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22970

reference_url

https://github.com/spring-projects/spring-framework

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework

reference_url

https://github.com/spring-projects/spring-framework/commit/50177b1ad3485bd44239b1756f6c14607476fcf2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/50177b1ad3485bd44239b1756f6c14607476fcf2

reference_url

https://github.com/spring-projects/spring-framework/commit/83186b689f11f5e6efe7ccc08fdeb92f66fcd583

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/83186b689f11f5e6efe7ccc08fdeb92f66fcd583

reference_url

https://security.netapp.com/advisory/ntap-20220616-0006

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220616-0006

reference_url	https://security.netapp.com/advisory/ntap-20220616-0006/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220616-0006/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2087272
reference_id	2087272
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2087272

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-22970

reference_id

CVE-2022-22970

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-22970

reference_url

https://tanzu.vmware.com/security/cve-2022-22970

reference_id

CVE-2022-22970

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://tanzu.vmware.com/security/cve-2022-22970

reference_url

https://github.com/advisories/GHSA-hh26-6xwr-ggv7

reference_id

GHSA-hh26-6xwr-ggv7

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hh26-6xwr-ggv7

reference_url	https://access.redhat.com/errata/RHSA-2022:5532
reference_id	RHSA-2022:5532
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5532

reference_url	https://access.redhat.com/errata/RHSA-2023:1661
reference_id	RHSA-2023:1661
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1661

reference_url	https://access.redhat.com/errata/RHSA-2023:3185
reference_id	RHSA-2023:3185
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3185

fixed_packages

url pkg:maven/org.springframework/spring-core@5.2.22.RELEASE

purl pkg:maven/org.springframework/spring-core@5.2.22.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-m6tq-7gmn-2kdy

vulnerability	VCID-r8q8-2grb-7ug8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.2.22.RELEASE

url pkg:maven/org.springframework/spring-core@5.3.20

purl pkg:maven/org.springframework/spring-core@5.3.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1w5g-w36x-n7cq

vulnerability	VCID-m6tq-7gmn-2kdy

vulnerability	VCID-r8q8-2grb-7ug8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.3.20

aliases CVE-2022-22970, GHSA-hh26-6xwr-ggv7

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e3yh-y2av-wff3

url VCID-m6tq-7gmn-2kdy

vulnerability_id VCID-m6tq-7gmn-2kdy

summary In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-20863.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-20863.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-20863

reference_id

reference_type

scores

value	0.00926
scoring_system	epss
scoring_elements	0.76572
published_at	2026-06-14T12:55:00Z

value	0.01066
scoring_system	epss
scoring_elements	0.78187
published_at	2026-06-13T12:55:00Z

value	0.01066
scoring_system	epss
scoring_elements	0.78173
published_at	2026-06-12T12:55:00Z

value	0.01066
scoring_system	epss
scoring_elements	0.78105
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-20863

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20863
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20863

reference_url

https://github.com/spring-projects/spring-framework

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework

reference_url

https://github.com/spring-projects/spring-framework/commit/965a6392757d20f9db19241126fcc719a51eac15

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/965a6392757d20f9db19241126fcc719a51eac15

reference_url

https://github.com/spring-projects/spring-framework/commit/b73f5fcac22555f844cf27a7eeb876cb9d7f7f7e

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/b73f5fcac22555f844cf27a7eeb876cb9d7f7f7e

reference_url

https://github.com/spring-projects/spring-framework/commit/ebc82654282bda547fbc20a9749ab1bda886a46f

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/ebc82654282bda547fbc20a9749ab1bda886a46f

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-20863

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-20863

reference_url

https://security.netapp.com/advisory/ntap-20240524-0015

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240524-0015

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2187742
reference_id	2187742
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2187742

reference_url

https://spring.io/security/cve-2023-20863

reference_id

cve-2023-20863

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T16:47:31Z/

url

https://spring.io/security/cve-2023-20863

reference_url

https://github.com/advisories/GHSA-wxqc-pxw9-g2p8

reference_id

GHSA-wxqc-pxw9-g2p8

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wxqc-pxw9-g2p8

reference_url

https://security.netapp.com/advisory/ntap-20240524-0015/

reference_id

ntap-20240524-0015

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T16:47:31Z/

url

https://security.netapp.com/advisory/ntap-20240524-0015/

reference_url	https://access.redhat.com/errata/RHSA-2023:2099
reference_id	RHSA-2023:2099
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2099

reference_url	https://access.redhat.com/errata/RHSA-2023:2100
reference_id	RHSA-2023:2100
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2100

fixed_packages

url	pkg:maven/org.springframework/spring-core@5.2.24.RELEASE
purl	pkg:maven/org.springframework/spring-core@5.2.24.RELEASE
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.2.24.RELEASE

url pkg:maven/org.springframework/spring-core@5.3.27

purl pkg:maven/org.springframework/spring-core@5.3.27

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1w5g-w36x-n7cq

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.3.27

url pkg:maven/org.springframework/spring-core@6.0.8

purl pkg:maven/org.springframework/spring-core@6.0.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1w5g-w36x-n7cq

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@6.0.8

aliases CVE-2023-20863, GHSA-wxqc-pxw9-g2p8

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m6tq-7gmn-2kdy

url VCID-n3z8-z3gf-zydq

vulnerability_id VCID-n3z8-z3gf-zydq

summary A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22965.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22965.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-22965

reference_id

reference_type

scores

value	0.94439
scoring_system	epss
scoring_elements	0.9999
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-22965

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22965
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22965

reference_url

https://github.com/spring-projects/spring-boot/releases/tag/v2.5.12

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-boot/releases/tag/v2.5.12

reference_url

https://github.com/spring-projects/spring-boot/releases/tag/v2.6.6

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-boot/releases/tag/v2.6.6

reference_url

https://github.com/spring-projects/spring-framework

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework

reference_url

https://github.com/spring-projects/spring-framework/commit/002546b3e4b8d791ea6acccb81eb3168f51abb15

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/002546b3e4b8d791ea6acccb81eb3168f51abb15

reference_url

https://github.com/spring-projects/spring-framework/releases/tag/v5.2.20.RELEASE

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/releases/tag/v5.2.20.RELEASE

reference_url

https://github.com/spring-projects/spring-framework/releases/tag/v5.3.18

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/releases/tag/v5.3.18

reference_url

https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement

reference_url	https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement#suggested-workarounds
reference_id
reference_type
scores
url	https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement#suggested-workarounds

reference_url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22965

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22965

reference_url

https://www.kb.cert.org/vuls/id/970766

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.kb.cert.org/vuls/id/970766

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2070348
reference_id	2070348
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2070348

reference_url

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67

reference_id

cisco-sa-java-spring-rce-Zx9GUc67

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T17:52:10Z/

url

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

cpuapr2022.html

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T17:52:10Z/

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

cpujul2022.html

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T17:52:10Z/

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://tanzu.vmware.com/security/cve-2022-22965

reference_id

cve-2022-22965

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T17:52:10Z/

url

https://tanzu.vmware.com/security/cve-2022-22965

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-22965

reference_id

CVE-2022-22965

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-22965

reference_url

https://github.com/advisories/GHSA-36p3-wjmg-h94x

reference_id

GHSA-36p3-wjmg-h94x

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-36p3-wjmg-h94x

reference_url	https://access.redhat.com/errata/RHSA-2022:1306
reference_id	RHSA-2022:1306
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1306

reference_url	https://access.redhat.com/errata/RHSA-2022:1333
reference_id	RHSA-2022:1333
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1333

reference_url	https://access.redhat.com/errata/RHSA-2022:1360
reference_id	RHSA-2022:1360
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1360

reference_url	https://access.redhat.com/errata/RHSA-2022:1378
reference_id	RHSA-2022:1378
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1378

reference_url	https://access.redhat.com/errata/RHSA-2022:1379
reference_id	RHSA-2022:1379
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1379

reference_url	https://access.redhat.com/errata/RHSA-2022:1626
reference_id	RHSA-2022:1626
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1626

reference_url	https://access.redhat.com/errata/RHSA-2022:1627
reference_id	RHSA-2022:1627
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1627

reference_url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005

reference_id

SNWLID-2022-0005

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T17:52:10Z/

url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005

reference_url

http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html

reference_id

Spring4Shell-Code-Execution.html

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T17:52:10Z/

url

http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html

reference_url

http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html

reference_id

Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T17:52:10Z/

url

http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html

reference_url

https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf

reference_id

ssa-254054.pdf

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T17:52:10Z/

url

https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf

reference_url	https://usn.ubuntu.com/7165-1/
reference_id	USN-7165-1
reference_type
scores
url	https://usn.ubuntu.com/7165-1/

fixed_packages

url	pkg:maven/org.springframework/spring-core@5.2.20
purl	pkg:maven/org.springframework/spring-core@5.2.20
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.2.20

url pkg:maven/org.springframework/spring-core@5.2.20.RELEASE

purl pkg:maven/org.springframework/spring-core@5.2.20.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8cpe-j15y-jbdk

vulnerability	VCID-98z5-6z3z-mkf6

vulnerability	VCID-e3yh-y2av-wff3

vulnerability	VCID-m6tq-7gmn-2kdy

vulnerability	VCID-r8q8-2grb-7ug8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.2.20.RELEASE

url pkg:maven/org.springframework/spring-core@5.3.18

purl pkg:maven/org.springframework/spring-core@5.3.18

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1w5g-w36x-n7cq

vulnerability	VCID-8cpe-j15y-jbdk

vulnerability	VCID-98z5-6z3z-mkf6

vulnerability	VCID-e3yh-y2av-wff3

vulnerability	VCID-m6tq-7gmn-2kdy

vulnerability	VCID-r8q8-2grb-7ug8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.3.18

aliases CVE-2022-22965, GHSA-36p3-wjmg-h94x, GMS-2022-558, GMS-2022-559, GMS-2022-560, GMS-2022-561

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n3z8-z3gf-zydq

url VCID-ndek-xah6-47d2

vulnerability_id VCID-ndek-xah6-47d2

summary In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5421.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5421.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-5421

reference_id

reference_type

scores

value	0.63828
scoring_system	epss
scoring_elements	0.98454
published_at	2026-06-13T12:55:00Z

value	0.63828
scoring_system	epss
scoring_elements	0.98453
published_at	2026-06-14T12:55:00Z

value	0.63828
scoring_system	epss
scoring_elements	0.98447
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-5421

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5421
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5421

reference_url

https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163@%3Ccommits.ambari.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163@%3Ccommits.ambari.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a@%3Cissues.ambari.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a@%3Cissues.ambari.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r3589ed0d18edeb79028615080d5a0e8878856436bb91774a3196d9eb@%3Ccommits.pulsar.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r3589ed0d18edeb79028615080d5a0e8878856436bb91774a3196d9eb@%3Ccommits.pulsar.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r503e64b43a57fd68229cac4a869d1a9a2eac9e75f8719cad3a840211@%3Ccommits.pulsar.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r503e64b43a57fd68229cac4a869d1a9a2eac9e75f8719cad3a840211@%3Ccommits.pulsar.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b729ac5@%3Cissues.ambari.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b729ac5@%3Cissues.ambari.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r7e6a213eea7f04fc6d9e3bd6eb8d68c4df92a22e956e95cb2c482865@%3Cissues.hive.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r7e6a213eea7f04fc6d9e3bd6eb8d68c4df92a22e956e95cb2c482865@%3Cissues.hive.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf7ae33a@%3Cdev.ambari.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf7ae33a@%3Cdev.ambari.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r918caad55dcc640a16753b00d8d6acb90b4e36de4b6156d0867246ec@%3Ccommits.pulsar.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r918caad55dcc640a16753b00d8d6acb90b4e36de4b6156d0867246ec@%3Ccommits.pulsar.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35ede81e1@%3Cdev.ambari.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35ede81e1@%3Cdev.ambari.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ra889d95141059c6cbe77dd80249bb488ae53b274b5f3abad09d9511d@%3Cuser.ignite.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ra889d95141059c6cbe77dd80249bb488ae53b274b5f3abad09d9511d@%3Cuser.ignite.apache.org%3E

reference_url

https://lists.apache.org/thread.html/raf7ca57033e537e4f9d7df7f192fa6968c1e49409b2348e08d807ccb@%3Cuser.ignite.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/raf7ca57033e537e4f9d7df7f192fa6968c1e49409b2348e08d807ccb@%3Cuser.ignite.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb18ed999153ef0f0cb7af03efe0046c42c7242fd77fbd884a75ecfdc@%3Ccommits.pulsar.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb18ed999153ef0f0cb7af03efe0046c42c7242fd77fbd884a75ecfdc@%3Ccommits.pulsar.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rc9efaf6db98bee19db1bc911d0fa442287dac5cb229d4aaa08b6a13d@%3Cissues.hive.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rc9efaf6db98bee19db1bc911d0fa442287dac5cb229d4aaa08b6a13d@%3Cissues.hive.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rd462a8b0dfab4c15e67c0672cd3c211ecd0e4f018f824082ed54f665@%3Cissues.hive.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rd462a8b0dfab4c15e67c0672cd3c211ecd0e4f018f824082ed54f665@%3Cissues.hive.apache.org%3E

reference_url

https://lists.apache.org/thread.html/re014a49d77f038ba70e5e9934d400af6653e8c9ac110d32b1254127e@%3Cdev.ranger.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/re014a49d77f038ba70e5e9934d400af6653e8c9ac110d32b1254127e@%3Cdev.ranger.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf00d8f4101a1c1ea4de6ea1e09ddf7472cfd306745c90d6da87ae074@%3Cdev.hive.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf00d8f4101a1c1ea4de6ea1e09ddf7472cfd306745c90d6da87ae074@%3Cdev.hive.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-5421

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-5421

reference_url

https://security.netapp.com/advisory/ntap-20210513-0009

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210513-0009

reference_url	https://security.netapp.com/advisory/ntap-20210513-0009/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210513-0009/

reference_url

https://tanzu.vmware.com/security/cve-2020-5421

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://tanzu.vmware.com/security/cve-2020-5421

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1881158
reference_id	1881158
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1881158

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973381
reference_id	973381
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973381

reference_url

https://github.com/advisories/GHSA-rv39-3qh7-9v7w

reference_id

GHSA-rv39-3qh7-9v7w

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rv39-3qh7-9v7w

reference_url	https://access.redhat.com/errata/RHSA-2021:3140
reference_id	RHSA-2021:3140
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3140

fixed_packages

url pkg:maven/org.springframework/spring-core@5.0.18.RELEASE

purl pkg:maven/org.springframework/spring-core@5.0.18.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8cpe-j15y-jbdk

vulnerability	VCID-98z5-6z3z-mkf6

vulnerability	VCID-e3yh-y2av-wff3

vulnerability	VCID-m6tq-7gmn-2kdy

vulnerability	VCID-n3z8-z3gf-zydq

vulnerability	VCID-r8q8-2grb-7ug8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.0.18.RELEASE

url pkg:maven/org.springframework/spring-core@5.0.19.RELEASE

purl pkg:maven/org.springframework/spring-core@5.0.19.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8cpe-j15y-jbdk

vulnerability	VCID-98z5-6z3z-mkf6

vulnerability	VCID-e3yh-y2av-wff3

vulnerability	VCID-m6tq-7gmn-2kdy

vulnerability	VCID-n3z8-z3gf-zydq

vulnerability	VCID-r8q8-2grb-7ug8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.0.19.RELEASE

url pkg:maven/org.springframework/spring-core@5.1.17.RELEASE

purl pkg:maven/org.springframework/spring-core@5.1.17.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8cpe-j15y-jbdk

vulnerability	VCID-98z5-6z3z-mkf6

vulnerability	VCID-e3yh-y2av-wff3

vulnerability	VCID-m6tq-7gmn-2kdy

vulnerability	VCID-n3z8-z3gf-zydq

vulnerability	VCID-r8q8-2grb-7ug8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.1.17.RELEASE

url pkg:maven/org.springframework/spring-core@5.1.18.RELEASE

purl pkg:maven/org.springframework/spring-core@5.1.18.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8cpe-j15y-jbdk

vulnerability	VCID-98z5-6z3z-mkf6

vulnerability	VCID-e3yh-y2av-wff3

vulnerability	VCID-m6tq-7gmn-2kdy

vulnerability	VCID-n3z8-z3gf-zydq

vulnerability	VCID-r8q8-2grb-7ug8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.1.18.RELEASE

url pkg:maven/org.springframework/spring-core@5.2.8.RELEASE

purl pkg:maven/org.springframework/spring-core@5.2.8.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8cpe-j15y-jbdk

vulnerability	VCID-98z5-6z3z-mkf6

vulnerability	VCID-e3yh-y2av-wff3

vulnerability	VCID-eay2-n7ub-jkg7

vulnerability	VCID-m6tq-7gmn-2kdy

vulnerability	VCID-n3z8-z3gf-zydq

vulnerability	VCID-r8q8-2grb-7ug8

vulnerability	VCID-snp1-wade-sufb

vulnerability	VCID-y99q-rpww-k3df

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.2.8.RELEASE

url pkg:maven/org.springframework/spring-core@5.2.9.RELEASE

purl pkg:maven/org.springframework/spring-core@5.2.9.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8cpe-j15y-jbdk

vulnerability	VCID-98z5-6z3z-mkf6

vulnerability	VCID-e3yh-y2av-wff3

vulnerability	VCID-eay2-n7ub-jkg7

vulnerability	VCID-m6tq-7gmn-2kdy

vulnerability	VCID-n3z8-z3gf-zydq

vulnerability	VCID-r8q8-2grb-7ug8

vulnerability	VCID-snp1-wade-sufb

vulnerability	VCID-y99q-rpww-k3df

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.2.9.RELEASE

aliases CVE-2020-5421, GHSA-rv39-3qh7-9v7w

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ndek-xah6-47d2

url VCID-r8q8-2grb-7ug8

vulnerability_id VCID-r8q8-2grb-7ug8

summary In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-20861.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-20861.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-20861

reference_id

reference_type

scores

value	0.00542
scoring_system	epss
scoring_elements	0.68252
published_at	2026-06-13T12:55:00Z

value	0.00542
scoring_system	epss
scoring_elements	0.68249
published_at	2026-06-14T12:55:00Z

value	0.00542
scoring_system	epss
scoring_elements	0.6815
published_at	2026-06-11T12:55:00Z

value	0.00542
scoring_system	epss
scoring_elements	0.68239
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-20861

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20861
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20861

reference_url

https://github.com/spring-projects/spring-framework

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework

reference_url

https://github.com/spring-projects/spring-framework/commit/430fc25acad2e85cbdddcd52b64481691f03ebd1

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/430fc25acad2e85cbdddcd52b64481691f03ebd1

reference_url

https://github.com/spring-projects/spring-framework/commit/52c93b1c4b24d70de233a958e60e7c5822bd274f

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/52c93b1c4b24d70de233a958e60e7c5822bd274f

reference_url

https://github.com/spring-projects/spring-framework/commit/935c29e3ddba5b19951e54f6685c70ed45d9cbe5

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/935c29e3ddba5b19951e54f6685c70ed45d9cbe5

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-20861

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-20861

reference_url

https://security.netapp.com/advisory/ntap-20230420-0007

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20230420-0007

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2180530
reference_id	2180530
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2180530

reference_url

https://spring.io/security/cve-2023-20861

reference_id

cve-2023-20861

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T15:31:28Z/

url

https://spring.io/security/cve-2023-20861

reference_url

https://github.com/advisories/GHSA-564r-hj7v-mcr5

reference_id

GHSA-564r-hj7v-mcr5

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-564r-hj7v-mcr5

reference_url

https://security.netapp.com/advisory/ntap-20230420-0007/

reference_id

ntap-20230420-0007

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T15:31:28Z/

url

https://security.netapp.com/advisory/ntap-20230420-0007/

reference_url	https://access.redhat.com/errata/RHSA-2023:2100
reference_id	RHSA-2023:2100
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2100

reference_url	https://access.redhat.com/errata/RHSA-2023:3185
reference_id	RHSA-2023:3185
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3185

reference_url	https://access.redhat.com/errata/RHSA-2023:3610
reference_id	RHSA-2023:3610
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3610

reference_url	https://access.redhat.com/errata/RHSA-2023:3622
reference_id	RHSA-2023:3622
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3622

reference_url	https://access.redhat.com/errata/RHSA-2023:3771
reference_id	RHSA-2023:3771
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3771

reference_url	https://access.redhat.com/errata/RHSA-2023:3954
reference_id	RHSA-2023:3954
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3954

reference_url	https://access.redhat.com/errata/RHSA-2023:4612
reference_id	RHSA-2023:4612
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4612

reference_url	https://access.redhat.com/errata/RHSA-2023:4983
reference_id	RHSA-2023:4983
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4983

reference_url	https://access.redhat.com/errata/RHSA-2024:0778
reference_id	RHSA-2024:0778
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0778

fixed_packages

url pkg:maven/org.springframework/spring-core@5.2.23.RELEASE

purl pkg:maven/org.springframework/spring-core@5.2.23.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-m6tq-7gmn-2kdy

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.2.23.RELEASE

url pkg:maven/org.springframework/spring-core@5.3.26

purl pkg:maven/org.springframework/spring-core@5.3.26

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1w5g-w36x-n7cq

vulnerability	VCID-m6tq-7gmn-2kdy

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.3.26

url pkg:maven/org.springframework/spring-core@6.0.7

purl pkg:maven/org.springframework/spring-core@6.0.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1w5g-w36x-n7cq

vulnerability	VCID-m6tq-7gmn-2kdy

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@6.0.7

aliases CVE-2023-20861, GHSA-564r-hj7v-mcr5

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r8q8-2grb-7ug8

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.0.17.RELEASE

Package Instance