Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/84146?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84146?format=api", "vulnerability_id": "VCID-1vzp-x3f4-aqay", "summary": "When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config server potentially exposing secrets from unintended GCP projects.\nSpring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 (inclusive); upgrade to 3.1.14 or greater (Enterprise Support Only). Spring Cloud Config 4.1.x: affected from 4.1.0 through 4.1.9 (inclusive); upgrade to 4.1.10 or greater (Enterprise Support Only). Spring Cloud Config 4.2.x: affected from 4.2.0 through 4.2.6 (inclusive); upgrade to 4.2.7 or greater (Enterprise Support Only). Spring Cloud Config 4.3.x: affected from 4.3.0 through 4.3.2 (inclusive); upgrade to 4.3.3 or greater. Spring Cloud Config 5.0.x: affected from 5.0.0 through 5.0.2 (inclusive); upgrade to 5.0.3 or greater.", "aliases": [ { "alias": "CVE-2026-40981" }, { "alias": "GHSA-2mh5-3cw6-hrrq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1061078?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config@4.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config@4.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1061095?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config@4.3.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config@4.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1061099?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config@5.0.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config@5.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060922?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rv4-nm53-bya6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/375835?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.3.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/375836?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@5.0.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@5.0.3" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1087179?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config@3.1.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config@3.1.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/1087178?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config@4.1.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config@4.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1087176?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config@4.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config@4.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/1061067?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config@3.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config@3.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1061068?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config@3.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config@3.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1061069?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config@3.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config@3.1.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1061070?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config@3.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config@3.1.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1061071?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config@3.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config@3.1.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1061072?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config@3.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config@3.1.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1061073?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config@3.1.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config@3.1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/1061074?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config@3.1.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config@3.1.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/1061075?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config@3.1.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config@3.1.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1061076?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config@3.1.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config@3.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1061077?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config@3.1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config@3.1.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/1061079?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config@4.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config@4.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1061080?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config@4.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1061081?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config@4.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config@4.1.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1061082?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config@4.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config@4.1.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1061083?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config@4.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config@4.1.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1061084?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config@4.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config@4.1.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1061085?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config@4.1.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config@4.1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/1061086?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config@4.1.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config@4.1.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/1061087?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config@4.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config@4.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1061088?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config@4.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config@4.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1061089?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config@4.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config@4.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1061090?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config@4.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config@4.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1061091?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config@4.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config@4.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1061092?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config@4.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config@4.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1061093?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config@4.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config@4.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1061094?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config@4.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config@4.3.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1061096?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config@5.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config@5.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1061097?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config@5.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config@5.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1061098?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config@5.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config@5.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1087174?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/1087175?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.1.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1087177?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060911?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060912?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060913?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060914?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060915?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060916?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060917?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060918?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060919?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060920?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060921?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-4rv4-nm53-bya6" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060923?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060924?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060925?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.1.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060926?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.1.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060927?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.1.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060928?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.1.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060929?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.1.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060930?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.1.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-4rv4-nm53-bya6" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.1.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060931?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-4rv4-nm53-bya6" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060932?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060933?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060934?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060935?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-4rv4-nm53-bya6" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060936?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-4rv4-nm53-bya6" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060937?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/375276?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.3.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060938?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@5.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@5.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060939?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@5.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@5.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/375277?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@5.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@5.0.2" } ], "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40981.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40981.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40981", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06108", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40981" }, { "reference_url": "https://github.com/spring-cloud/spring-cloud-config", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/spring-cloud/spring-cloud-config" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40981", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40981" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467621", "reference_id": "2467621", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467621" }, { "reference_url": "https://spring.io/security/cve-2026-40981", "reference_id": "cve-2026-40981", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T12:57:24Z/" } ], "url": "https://spring.io/security/cve-2026-40981" }, { "reference_url": "https://github.com/advisories/GHSA-2mh5-3cw6-hrrq", "reference_id": "GHSA-2mh5-3cw6-hrrq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2mh5-3cw6-hrrq" } ], "weaknesses": [ { "cwe_id": 639, "name": "Authorization Bypass Through User-Controlled Key", "description": "The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data." }, { "cwe_id": 1220, "name": "Insufficient Granularity of Access Control", "description": "The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": "7.0 - 8.9", "exploitability": "0.5", "weighted_severity": "8.0", "risk_score": 4.0, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1vzp-x3f4-aqay" }