VulnerableCode Package Details - pkg:maven/org.springframework/spring-webmvc@5.3.26

Search for packages

Vulnerability	Summary	Fixed by
VCID-7x5d-wtf5-3kau Aliases: CVE-2024-38828 GHSA-w3c8-7r8f-9jp8	Spring MVC controller vulnerable to a DoS attack Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack.	5.3.42 Affected by 0 other vulnerabilities. 6.0.0 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-7x5d-wtf5-3kau
Aliases:
CVE-2024-38828
GHSA-w3c8-7r8f-9jp8

Spring MVC controller vulnerable to a DoS attack Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack.

5.3.42
Affected by 0 other vulnerabilities.

6.0.0
Affected by 7 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-afh4-nhxq-y3he	Spring Framework is vulnerable to security bypass via mvcRequestMatcher pattern mismatch Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass.	CVE-2023-20860 GHSA-7phw-cxx7-q9vq

Vulnerability

Summary

Aliases

VCID-afh4-nhxq-y3he

Spring Framework is vulnerable to security bypass via mvcRequestMatcher pattern mismatch Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass.

CVE-2023-20860
GHSA-7phw-cxx7-q9vq

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T23:14:55.178737+00:00	GitLab Importer	Affected by	VCID-7x5d-wtf5-3kau	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webmvc/CVE-2024-38828.yml	38.4.0
2026-04-16T22:25:37.683376+00:00	GitLab Importer	Fixing	VCID-afh4-nhxq-y3he	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webmvc/CVE-2023-20860.yml	38.4.0
2026-04-12T00:33:30.649284+00:00	GitLab Importer	Affected by	VCID-7x5d-wtf5-3kau	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webmvc/CVE-2024-38828.yml	38.3.0
2026-04-11T23:43:50.695250+00:00	GitLab Importer	Fixing	VCID-afh4-nhxq-y3he	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webmvc/CVE-2023-20860.yml	38.3.0
2026-04-03T00:41:13.683684+00:00	GitLab Importer	Affected by	VCID-7x5d-wtf5-3kau	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webmvc/CVE-2024-38828.yml	38.1.0
2026-04-02T23:47:32.484287+00:00	GitLab Importer	Fixing	VCID-afh4-nhxq-y3he	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webmvc/CVE-2023-20860.yml	38.1.0
2026-04-02T16:59:13.739231+00:00	GHSA Importer	Fixing	VCID-afh4-nhxq-y3he	https://github.com/advisories/GHSA-7phw-cxx7-q9vq	38.1.0
2026-04-01T12:58:32.379833+00:00	GithubOSV Importer	Fixing	VCID-afh4-nhxq-y3he	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-7phw-cxx7-q9vq/GHSA-7phw-cxx7-q9vq.json	38.0.0
2026-04-01T12:51:04.308526+00:00	GitLab Importer	Fixing	VCID-afh4-nhxq-y3he	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webmvc/CVE-2023-20860.yml	38.0.0