Spring Framework — универсальный фреймворк с открытым исходным кодом для Java-платформы.

Релизный цикл, информация об уязвимостях

Продукт: Spring Framework

Вендор: VMware

График релизов

Недавние уязвимости Spring Framework

Количество 241

CVE-2023-20861

больше 2 лет назад

In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

CVSS3: 5.3

EPSS: Низкий

GHSA-rfmp-97jj-h8m6

около 3 лет назад

Improper Output Neutralization for Logs in Spring Framework

CVSS3: 4.3

EPSS: Низкий

GHSA-gfwj-fwqj-fp3v

около 3 лет назад

Improper Privilege Management in Spring Framework

CVSS3: 7.8

EPSS: Низкий

GHSA-4wrc-f8pq-fpqp

около 3 лет назад

Pivotal Spring Framework contains unsafe Java deserialization methods

CVSS3: 9.8

EPSS: Средний

GHSA-vpr3-f594-mg5g

около 3 лет назад

Improper Control of Generation of Code ('Code Injection') in Spring Framework

EPSS: Низкий

GHSA-wv88-pf73-x22p

около 3 лет назад

Improper Neutralization of Directives in Dynamically Evaluated Code in Spring Framework

EPSS: Средний

GHSA-f866-m9mv-2xr3

около 3 лет назад

Spring Framework and Spring Security vulnerable to Deserialization of Untrusted Data

EPSS: Средний

GHSA-ff7p-jqjm-v66h

около 3 лет назад

Improper Neutralization of Input During Web Page Generation in Spring Framework

EPSS: Низкий

GHSA-rhcg-rwhx-qj3j

около 3 лет назад

Improper Limitation of a Pathname to a Restricted Directory in Spring Framework

EPSS: Низкий

GHSA-g6hf-f9cq-q7w7

около 3 лет назад

Cross-Site Request Forgery in Spring Framework

EPSS: Средний

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2023-20861 In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.	CVSS3: 5.3	0% Низкий	больше 2 лет назад
GHSA-rfmp-97jj-h8m6 Improper Output Neutralization for Logs in Spring Framework	CVSS3: 4.3	0% Низкий	около 3 лет назад
GHSA-gfwj-fwqj-fp3v Improper Privilege Management in Spring Framework	CVSS3: 7.8	0% Низкий	около 3 лет назад
GHSA-4wrc-f8pq-fpqp Pivotal Spring Framework contains unsafe Java deserialization methods	CVSS3: 9.8	49% Средний	около 3 лет назад
GHSA-vpr3-f594-mg5g Improper Control of Generation of Code ('Code Injection') in Spring Framework		3% Низкий	около 3 лет назад
GHSA-wv88-pf73-x22p Improper Neutralization of Directives in Dynamically Evaluated Code in Spring Framework		53% Средний	около 3 лет назад
GHSA-f866-m9mv-2xr3 Spring Framework and Spring Security vulnerable to Deserialization of Untrusted Data		15% Средний	около 3 лет назад
GHSA-ff7p-jqjm-v66h Improper Neutralization of Input During Web Page Generation in Spring Framework		2% Низкий	около 3 лет назад
GHSA-rhcg-rwhx-qj3j Improper Limitation of a Pathname to a Restricted Directory in Spring Framework		6% Низкий	около 3 лет назад
GHSA-g6hf-f9cq-q7w7 Cross-Site Request Forgery in Spring Framework		58% Средний	около 3 лет назад

Уязвимостей на страницу