VulnerableCode Package Details - pkg:maven/org.springframework/spring-web@5.3.23

Search for packages

Vulnerability	Summary	Fixed by
VCID-1rv3-3z83-2yd1 Aliases: CVE-2024-22262 GHSA-2wrp-6fg6-hmc5	Spring Framework URL Parsing with Host Validation Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks. This is the same as CVE-2024-22259 https://spring.io/security/cve-2024-22259 and CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.	5.3.34 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 6.0.19 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 6.1.6 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-7mrx-1x83-uugp Aliases: CVE-2024-38809 GHSA-2rmj-mq67-h97g	Spring Framework DoS via conditional HTTP request Applications that parse ETags from `If-Match` or `If-None-Match` request headers are vulnerable to DoS attack.	5.3.38 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 6.0.23 Affected by 0 other vulnerabilities. 6.1.12 Affected by 0 other vulnerabilities.
VCID-kcma-n11h-q7ft Aliases: CVE-2016-1000027 GHSA-4wrc-f8pq-fpqp	Deserialization of Untrusted Data Pivotal Spring Framework suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required.	6.0.0 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-1rv3-3z83-2yd1
Aliases:
CVE-2024-22262
GHSA-2wrp-6fg6-hmc5

Spring Framework URL Parsing with Host Validation Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks. This is the same as CVE-2024-22259 https://spring.io/security/cve-2024-22259 and CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.

5.3.34
Affected by 2 other vulnerabilities.

6.0.19
Affected by 1 other vulnerability.

6.1.6
Affected by 1 other vulnerability.

VCID-7mrx-1x83-uugp
Aliases:
CVE-2024-38809
GHSA-2rmj-mq67-h97g

Spring Framework DoS via conditional HTTP request Applications that parse ETags from `If-Match` or `If-None-Match` request headers are vulnerable to DoS attack.

5.3.38
Affected by 1 other vulnerability.

6.0.23
Affected by 0 other vulnerabilities.

6.1.12
Affected by 0 other vulnerabilities.

VCID-kcma-n11h-q7ft
Aliases:
CVE-2016-1000027
GHSA-4wrc-f8pq-fpqp

Deserialization of Untrusted Data Pivotal Spring Framework suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required.

6.0.0
Affected by 5 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T05:24:28.335295+00:00	GitLab Importer	Affected by	VCID-7mrx-1x83-uugp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-web/CVE-2024-38809.yml	38.6.0
2026-06-06T04:49:24.822235+00:00	GitLab Importer	Affected by	VCID-1rv3-3z83-2yd1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-web/CVE-2024-22262.yml	38.6.0
2026-06-06T02:33:01.699709+00:00	GitLab Importer	Affected by	VCID-kcma-n11h-q7ft	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-web/CVE-2016-1000027.yml	38.6.0