| purl | pkg:maven/org.springframework/spring-core@4.1.0 |
| Tags | Ghost |
| Next non-vulnerable version | 5.2.24.RELEASE |
| Latest non-vulnerable version | 6.2.11 |
| Risk | 4.0 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-3jmf-5kbf-bbe2<br>Aliases: CVE-2019-11272 GHSA-v33x-prhc-gph5 | PlaintextPasswordEncoder authenticates encoded passwords that are null. Spring Security supports plain text passwords using `PlaintextPasswordEncoder`. A malicious user (or attacker) can authenticate using a password of `null`. | Affected by 11 other vulnerabilities. Affected by 13 other vulnerabilities. |
| VCID-txyw-49ms-n3f4<br>Aliases: CVE-2015-0201 GHSA-45vg-2v73-vm62 | Insufficiently random session id in Java SockJS client. The Java SockJS client in this package generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors. | Affected by 1 other vulnerability. Affected by 11 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-05T21:07:13.286389+00:00 | GHSA Importer | Affected by | VCID-txyw-49ms-n3f4 | https://github.com/advisories/GHSA-45vg-2v73-vm62 | 38.6.0 |
| 2026-06-04T16:21:38.877826+00:00 | GitLab Importer | Affected by | VCID-3jmf-5kbf-bbe2 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-core/CVE-2019-11272.yml | 38.6.0 |
| 2026-06-02T04:38:27.923428+00:00 | GitLab Importer | Affected by | VCID-txyw-49ms-n3f4 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-core/CVE-2015-0201.yml | 38.6.0 |