{"url":"http://public2.vulnerablecode.io/api/packages/54683?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@3.0.0","type":"maven","namespace":"org.springframework.security","name":"spring-security-core","version":"3.0.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.7.14","latest_non_vulnerable_version":"7.0.5","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16016?format=json","vulnerability_id":"VCID-ev1k-za9z-87hq","summary":"Improper Control of Generation of Code ('Code Injection')\nCRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter.","references":[{"reference_url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2732.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2732.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2732","reference_id":"","reference_type":"","scores":[{"value":"0.07155","scoring_system":"epss","scoring_elements":"0.91622","published_at":"2026-05-09T12:55:00Z"},{"value":"0.07155","scoring_system":"epss","scoring_elements":"0.91582","published_at":"2026-04-21T12:55:00Z"},{"value":"0.07155","scoring_system":"epss","scoring_elements":"0.9159","published_at":"2026-04-24T12:55:00Z"},{"value":"0.07155","scoring_system":"epss","scoring_elements":"0.91589","published_at":"2026-04-26T12:55:00Z"},{"value":"0.07155","scoring_system":"epss","scoring_elements":"0.91599","published_at":"2026-05-05T12:55:00Z"},{"value":"0.07155","scoring_system":"epss","scoring_elements":"0.91612","published_at":"2026-05-07T12:55:00Z"},{"value":"0.07155","scoring_system":"epss","scoring_elements":"0.91521","published_at":"2026-04-01T12:55:00Z"},{"value":"0.07155","scoring_system":"epss","scoring_elements":"0.91528","published_at":"2026-04-02T12:55:00Z"},{"value":"0.07155","scoring_system":"epss","scoring_elements":"0.91534","published_at":"2026-04-04T12:55:00Z"},{"value":"0.07155","scoring_system":"epss","scoring_elements":"0.91542","published_at":"2026-04-07T12:55:00Z"},{"value":"0.07155","scoring_system":"epss","scoring_elements":"0.91555","published_at":"2026-04-08T12:55:00Z"},{"value":"0.07155","scoring_system":"epss","scoring_elements":"0.91561","published_at":"2026-04-09T12:55:00Z"},{"value":"0.07155","scoring_system":"epss","scoring_elements":"0.91565","published_at":"2026-04-13T12:55:00Z"},{"value":"0.07155","scoring_system":"epss","scoring_elements":"0.91567","published_at":"2026-04-12T12:55:00Z"},{"value":"0.07155","scoring_system":"epss","scoring_elements":"0.91587","published_at":"2026-04-29T12:55:00Z"},{"value":"0.07155","scoring_system":"epss","scoring_elements":"0.91583","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2732"},{"reference_url":"https://github.com/spring-projects/spring-security","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/spring-projects/spring-security"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=737617","reference_id":"737617","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=737617"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:2.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:2.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:2.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:2.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:2.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:2.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:3.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:3.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:3.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:3.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:3.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2732","reference_id":"CVE-2011-2732","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2732"},{"reference_url":"http://support.springsource.com/security/cve-2011-2732","reference_id":"CVE-2011-2732","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.springsource.com/security/cve-2011-2732"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/36130.txt","reference_id":"CVE-2011-2732;OSVDB-75266","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/36130.txt"},{"reference_url":"https://www.securityfocus.com/bid/49535/info","reference_id":"CVE-2011-2732;OSVDB-75266","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/49535/info"},{"reference_url":"https://github.com/advisories/GHSA-5xm9-rf63-wj7h","reference_id":"GHSA-5xm9-rf63-wj7h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5xm9-rf63-wj7h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54824?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@3.0.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.6"},{"url":"http://public2.vulnerablecode.io/api/packages/148148?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@3.0.6.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8jtc-ehgu-x3c5"},{"vulnerability":"VCID-cden-3spy-pyhz"},{"vulnerability":"VCID-deuk-emca-3kgr"},{"vulnerability":"VCID-dfs4-emmn-f3eb"},{"vulnerability":"VCID-dwcq-d6nf-1ubn"},{"vulnerability":"VCID-u6vb-w2bu-ykfk"},{"vulnerability":"VCID-w4q4-38gp-m3d8"},{"vulnerability":"VCID-yeaf-ta2h-p7c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.6.RELEASE"}],"aliases":["CVE-2011-2732","GHSA-5xm9-rf63-wj7h"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ev1k-za9z-87hq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15476?format=json","vulnerability_id":"VCID-n8yr-3aex-kyah","summary":"Authentication Bypass Using an Alternate Path or Channel in SpringSource Spring Security and Acegi Security\nVMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter.","references":[{"reference_url":"http://osvdb.org/68931","reference_id":"","reference_type":"","scores":[],"url":"http://osvdb.org/68931"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3700","reference_id":"","reference_type":"","scores":[{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48013","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48044","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48056","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48003","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47922","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47988","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47991","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48029","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.4805","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48053","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48047","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48071","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48059","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48111","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48106","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48062","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3700"},{"reference_url":"http://secunia.com/advisories/42024","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/42024"},{"reference_url":"https://issues.apache.org/bugzilla/show_bug.cgi?id=25015","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/bugzilla/show_bug.cgi?id=25015"},{"reference_url":"https://web.archive.org/web/20110802082343/http://www.springsource.com/security/cve-2010-3700","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20110802082343/http://www.springsource.com/security/cve-2010-3700"},{"reference_url":"http://www.securityfocus.com/archive/1/514517/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/514517/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/44496","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/44496"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:acegisecurity:acegi-security:1.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:acegisecurity:acegi-security:1.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:acegisecurity:acegi-security:1.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:acegisecurity:acegi-security:1.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:acegisecurity:acegi-security:1.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:acegisecurity:acegi-security:1.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:acegisecurity:acegi-security:1.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:acegisecurity:acegi-security:1.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:acegisecurity:acegi-security:1.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:acegisecurity:acegi-security:1.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:acegisecurity:acegi-security:1.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:acegisecurity:acegi-security:1.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:acegisecurity:acegi-security:1.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:acegisecurity:acegi-security:1.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:acegisecurity:acegi-security:1.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:acegisecurity:acegi-security:1.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:acegisecurity:acegi-security:1.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:acegisecurity:acegi-security:1.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:acegisecurity:acegi-security:1.0.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:acegisecurity:acegi-security:1.0.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:acegisecurity:acegi-security:1.0.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:acegisecurity:acegi-security:1.0.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:acegisecurity:acegi-security:1.0.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:acegisecurity:acegi-security:1.0.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:websphere_application_server:6.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ibm:websphere_application_server:6.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:websphere_application_server:6.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:2.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:2.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:2.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:2.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:2.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:2.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:3.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:3.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:3.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:3.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2010-3700","reference_id":"CVE-2010-3700","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:P/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2010-3700"},{"reference_url":"http://www.springsource.com/security/cve-2010-3700","reference_id":"CVE-2010-3700","reference_type":"","scores":[],"url":"http://www.springsource.com/security/cve-2010-3700"},{"reference_url":"https://github.com/advisories/GHSA-3295-h9qx-r82x","reference_id":"GHSA-3295-h9qx-r82x","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3295-h9qx-r82x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54685?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@3.0.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/148146?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@3.0.4.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8jtc-ehgu-x3c5"},{"vulnerability":"VCID-cden-3spy-pyhz"},{"vulnerability":"VCID-deuk-emca-3kgr"},{"vulnerability":"VCID-dfs4-emmn-f3eb"},{"vulnerability":"VCID-dwcq-d6nf-1ubn"},{"vulnerability":"VCID-ev1k-za9z-87hq"},{"vulnerability":"VCID-nddv-1dfd-jfdd"},{"vulnerability":"VCID-sy5j-6rkg-n3b7"},{"vulnerability":"VCID-u6vb-w2bu-ykfk"},{"vulnerability":"VCID-w4q4-38gp-m3d8"},{"vulnerability":"VCID-yeaf-ta2h-p7c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.4.RELEASE"}],"aliases":["CVE-2010-3700","GHSA-3295-h9qx-r82x"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n8yr-3aex-kyah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55532?format=json","vulnerability_id":"VCID-nddv-1dfd-jfdd","summary":"Concurrent Execution using Shared Resource with Improper Synchronization in Spring Security\nRace condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread.","references":[{"reference_url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2731.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2731.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2731","reference_id":"","reference_type":"","scores":[{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45308","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45465","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45391","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45331","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45226","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.4529","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45381","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45455","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45476","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45421","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45475","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45496","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45466","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45468","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45518","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45515","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2731"},{"reference_url":"http://secunia.com/advisories/55155","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/55155"},{"reference_url":"https://github.com/spring-projects/spring-security","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/spring-projects/spring-security"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2731","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2731"},{"reference_url":"http://support.springsource.com/security/cve-2011-2731","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.springsource.com/security/cve-2011-2731"},{"reference_url":"http://www.securitytracker.com/id/1029151","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1029151"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=737613","reference_id":"737613","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=737613"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:2.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:2.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:2.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:2.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:2.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:2.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:3.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:3.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:3.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:3.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:3.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-4644-hg35-55m9","reference_id":"GHSA-4644-hg35-55m9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4644-hg35-55m9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54824?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@3.0.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.6"},{"url":"http://public2.vulnerablecode.io/api/packages/148148?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@3.0.6.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8jtc-ehgu-x3c5"},{"vulnerability":"VCID-cden-3spy-pyhz"},{"vulnerability":"VCID-deuk-emca-3kgr"},{"vulnerability":"VCID-dfs4-emmn-f3eb"},{"vulnerability":"VCID-dwcq-d6nf-1ubn"},{"vulnerability":"VCID-u6vb-w2bu-ykfk"},{"vulnerability":"VCID-w4q4-38gp-m3d8"},{"vulnerability":"VCID-yeaf-ta2h-p7c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.6.RELEASE"}],"aliases":["CVE-2011-2731","GHSA-4644-hg35-55m9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nddv-1dfd-jfdd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15475?format=json","vulnerability_id":"VCID-sy5j-6rkg-n3b7","summary":"Deserialization of Untrusted Data\nSpring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class.","references":[{"reference_url":"http://osvdb.org/75263","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://osvdb.org/75263"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2894.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2894.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2894","reference_id":"","reference_type":"","scores":[{"value":"0.01998","scoring_system":"epss","scoring_elements":"0.8378","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01998","scoring_system":"epss","scoring_elements":"0.83762","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01998","scoring_system":"epss","scoring_elements":"0.83707","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01998","scoring_system":"epss","scoring_elements":"0.8372","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01998","scoring_system":"epss","scoring_elements":"0.83714","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01998","scoring_system":"epss","scoring_elements":"0.83742","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02109","scoring_system":"epss","scoring_elements":"0.84067","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02109","scoring_system":"epss","scoring_elements":"0.84036","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02109","scoring_system":"epss","scoring_elements":"0.84049","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02109","scoring_system":"epss","scoring_elements":"0.84065","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02109","scoring_system":"epss","scoring_elements":"0.8409","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02109","scoring_system":"epss","scoring_elements":"0.84097","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02109","scoring_system":"epss","scoring_elements":"0.84114","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02109","scoring_system":"epss","scoring_elements":"0.84108","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02109","scoring_system":"epss","scoring_elements":"0.84104","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02109","scoring_system":"epss","scoring_elements":"0.84126","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02109","scoring_system":"epss","scoring_elements":"0.84128","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02109","scoring_system":"epss","scoring_elements":"0.8413","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2894"},{"reference_url":"http://securityreason.com/securityalert/8405","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://securityreason.com/securityalert/8405"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/69687","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/69687"},{"reference_url":"https://github.com/spring-projects/spring-framework","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/spring-projects/spring-framework"},{"reference_url":"https://github.com/spring-projects/spring-framework/commit/070a723ef2c886770a063eb9a67f84f74e06edfb","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/spring-projects/spring-framework/commit/070a723ef2c886770a063eb9a67f84f74e06edfb"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2011-1334.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2011-1334.html"},{"reference_url":"http://www.securityfocus.com/archive/1/519593/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/archive/1/519593/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/49536","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/49536"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=737611","reference_id":"737611","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=737611"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2894","reference_id":"CVE-2011-2894","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2894"},{"reference_url":"https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894","reference_id":"CVE-2011-2894","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894"},{"reference_url":"http://www.springsource.com/security/cve-2011-2894","reference_id":"CVE-2011-2894","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.springsource.com/security/cve-2011-2894"},{"reference_url":"https://github.com/advisories/GHSA-f866-m9mv-2xr3","reference_id":"GHSA-f866-m9mv-2xr3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f866-m9mv-2xr3"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1334","reference_id":"RHSA-2011:1334","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1334"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54824?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@3.0.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.6"},{"url":"http://public2.vulnerablecode.io/api/packages/148148?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@3.0.6.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8jtc-ehgu-x3c5"},{"vulnerability":"VCID-cden-3spy-pyhz"},{"vulnerability":"VCID-deuk-emca-3kgr"},{"vulnerability":"VCID-dfs4-emmn-f3eb"},{"vulnerability":"VCID-dwcq-d6nf-1ubn"},{"vulnerability":"VCID-u6vb-w2bu-ykfk"},{"vulnerability":"VCID-w4q4-38gp-m3d8"},{"vulnerability":"VCID-yeaf-ta2h-p7c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.6.RELEASE"}],"aliases":["CVE-2011-2894","GHSA-f866-m9mv-2xr3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sy5j-6rkg-n3b7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6758?format=json","vulnerability_id":"VCID-w4q4-38gp-m3d8","summary":"Exposure of Sensitive Information to an Unauthorized Actor\nThis package does not check the password if the user is not found, which makes the response delay shorter and might allow remote attackers to enumerate valid usernames via a series of login requests.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5055.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5055.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5055","reference_id":"","reference_type":"","scores":[{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58125","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58097","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58064","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58077","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58022","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.57979","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58063","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58085","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58059","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58114","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58118","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58134","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58111","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.5809","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58121","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58122","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5055"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5055","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5055"},{"reference_url":"http://support.springsource.com/security/CVE-2012-5055","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.springsource.com/security/CVE-2012-5055"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=886031","reference_id":"886031","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=886031"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:2.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:2.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:2.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:2.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:2.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:2.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:2.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:3.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:3.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:3.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:3.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:3.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:3.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:3.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vmware:springsource_spring_security:3.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:springsource_spring_security:3.1.2:*:*:*:*:*:*:*"},{"reference_url":"http://support.springsource.com/security/cve-2012-5055","reference_id":"CVE-2012-5055","reference_type":"","scores":[],"url":"http://support.springsource.com/security/cve-2012-5055"},{"reference_url":"https://github.com/advisories/GHSA-3533-rvpc-6x56","reference_id":"GHSA-3533-rvpc-6x56","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3533-rvpc-6x56"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0649","reference_id":"RHSA-2013:0649","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0649"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84565?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@3.0.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.8"},{"url":"http://public2.vulnerablecode.io/api/packages/20143?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@3.0.8.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8jtc-ehgu-x3c5"},{"vulnerability":"VCID-cden-3spy-pyhz"},{"vulnerability":"VCID-deuk-emca-3kgr"},{"vulnerability":"VCID-dfs4-emmn-f3eb"},{"vulnerability":"VCID-dwcq-d6nf-1ubn"},{"vulnerability":"VCID-u6vb-w2bu-ykfk"},{"vulnerability":"VCID-yeaf-ta2h-p7c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.8.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/84566?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@3.1.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.1.3"},{"url":"http://public2.vulnerablecode.io/api/packages/20144?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@3.1.3.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8jtc-ehgu-x3c5"},{"vulnerability":"VCID-cden-3spy-pyhz"},{"vulnerability":"VCID-deuk-emca-3kgr"},{"vulnerability":"VCID-dfs4-emmn-f3eb"},{"vulnerability":"VCID-dwcq-d6nf-1ubn"},{"vulnerability":"VCID-u6vb-w2bu-ykfk"},{"vulnerability":"VCID-yeaf-ta2h-p7c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.1.3.RELEASE"}],"aliases":["CVE-2012-5055","GHSA-3533-rvpc-6x56"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w4q4-38gp-m3d8"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.0"}