Spring Framework is a general-purpose open-source framework for the Java platform.
Release cycle, vulnerability information
Count: 241
Vulnerability | CVSS | EPSS | Published
---|---|---|---
GHSA-4gc7-5j7h-4qph Spring Framework DataBinder Case Sensitive Match Exception | CVSS3: 5.3 | 0% Low | 10 months ago
CVE-2024-38820 The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected. | CVSS3: 3.1 | 0% Low | 10 months ago
GHSA-9cmq-m9j5-mvww Spring Framework vulnerable to Denial of Service | CVSS3: 4.3 | 0% Low | 12 months ago
CVE-2024-38808 In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition. Specifically, an application is vulnerable when the following is true: * The application evaluates user-supplied SpEL expressions. | CVSS3: 4.3 | 0% Low | 12 months ago
CVE-2024-38808 In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition. Specifically, an application is vulnerable when the following is true: * The application evaluates user-supplied SpEL expressions. | CVSS3: 5.9 | 0% Low | 12 months ago
GHSA-hgjh-9rj2-g67j Spring Framework URL Parsing with Host Validation Vulnerability | CVSS3: 8.1 | 25% Medium | more than 1 year ago