Spring Framework — универсальный фреймворк с открытым исходным кодом для Java-платформы.
Релизный цикл, информация об уязвимостях
График релизов
Количество 239
CVE-2023-20861
In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
GHSA-rfmp-97jj-h8m6
Improper Output Neutralization for Logs in Spring Framework
GHSA-gfwj-fwqj-fp3v
Improper Privilege Management in Spring Framework
GHSA-4wrc-f8pq-fpqp
Pivotal Spring Framework contains unsafe Java deserialization methods
GHSA-vpr3-f594-mg5g
Improper Control of Generation of Code ('Code Injection') in Spring Framework
GHSA-wv88-pf73-x22p
Improper Neutralization of Directives in Dynamically Evaluated Code in Spring Framework
GHSA-f866-m9mv-2xr3
Spring Framework and Spring Security vulnerable to Deserialization of Untrusted Data
GHSA-ff7p-jqjm-v66h
Improper Neutralization of Input During Web Page Generation in Spring Framework
GHSA-rhcg-rwhx-qj3j
Improper Limitation of a Pathname to a Restricted Directory in Spring Framework
GHSA-hhm4-hwq6-3c6w
Improper Limitation of a Pathname to a Restricted Directory in Spring Framework
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2023-20861 In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. | CVSS3: 5.3 | 0% Низкий | около 3 лет назад |
| GHSA-rfmp-97jj-h8m6 Improper Output Neutralization for Logs in Spring Framework | CVSS3: 4.3 | 0% Низкий | почти 4 года назад |
| GHSA-gfwj-fwqj-fp3v Improper Privilege Management in Spring Framework | CVSS3: 7.8 | 0% Низкий | почти 4 года назад |
| GHSA-4wrc-f8pq-fpqp Pivotal Spring Framework contains unsafe Java deserialization methods | CVSS3: 9.8 | 60% Средний | почти 4 года назад |
| GHSA-vpr3-f594-mg5g Improper Control of Generation of Code ('Code Injection') in Spring Framework | 2% Низкий | почти 4 года назад | |
| GHSA-wv88-pf73-x22p Improper Neutralization of Directives in Dynamically Evaluated Code in Spring Framework | 47% Средний | почти 4 года назад | |
| GHSA-f866-m9mv-2xr3 Spring Framework and Spring Security vulnerable to Deserialization of Untrusted Data | 2% Низкий | почти 4 года назад | |
| GHSA-ff7p-jqjm-v66h Improper Neutralization of Input During Web Page Generation in Spring Framework | 2% Низкий | почти 4 года назад | |
| GHSA-rhcg-rwhx-qj3j Improper Limitation of a Pathname to a Restricted Directory in Spring Framework | 4% Низкий | почти 4 года назад | |
| GHSA-hhm4-hwq6-3c6w Improper Limitation of a Pathname to a Restricted Directory in Spring Framework | 17% Средний | почти 4 года назад |
Уязвимостей на страницу