Known Vulnerabilities for Spring Web Flow by Pivotal
Listed below are 2 of the newest known vulnerabilities associated with "Spring Web Flow" by "Pivotal".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-40986 json | Spring Web Flow's JavaScript RemotingHandler renders the body of an error response as HTML even when the response is not "tex... | Not Provided | 2026-06-11 | 2026-06-23 |
| CVE-2026-40985 json | Applications that configure the WebFlowELExpressionParser are vulnerable to the use of malicious Unified EL expressions. Aff... | Not Provided | 2026-06-11 | 2026-06-23 |
| CVE-2017-8039 json | An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFac... | 5.9 - MEDIUM | 2017-11-27 | 2019-10-03 |
| CVE-2017-4971 json | Not Provided | 2017-06-13 | 2025-04-20 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Pivotal | Spring Web Flow | 2.4.5 |