| purl | pkg:maven/org.springframework/spring-websocket@4.1.1.RELEASE |
| Next non-vulnerable version | 4.1.8.RELEASE |
| Latest non-vulnerable version | 6.2.12 |
| Risk | 4.0 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-2ke4-ywbk-2qha (Aliases: CVE-2015-5211, GHSA-pgf9-h69p-pcgf) | Improper Input Validation: Under some situations, the Spring Framework is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response. | Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-txyw-49ms-n3f4 (Aliases: CVE-2015-0201, GHSA-45vg-2v73-vm62) | Insufficiently random session id in Java SockJS client: The Java SockJS client in this package generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors. | Affected by 1 other vulnerability. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-04T20:08:05.928578+00:00 | GitLab Importer | Affected by | VCID-2ke4-ywbk-2qha | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-websocket/CVE-2015-5211.yml | 38.6.0 |
| 2026-06-04T20:04:44.503825+00:00 | GitLab Importer | Affected by | VCID-txyw-49ms-n3f4 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-websocket/CVE-2015-0201.yml | 38.6.0 |