Known Vulnerabilities for Spring Framework by Pivotal Software

Listed below are 10 of the newest known vulnerabilities associated with "Spring Framework" by "Pivotal Software".

These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.

Data on known vulnerable versions is also displayed based on information from known CPEs

Known Vulnerabilities

CVE	Shortened Description	Severity	Publish Date	Last Modified
CVE-2022-22950	n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially c...	6.5 - MEDIUM	2022-04-01	2022-06-22
CVE-2021-22118	In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to...	7.8 - HIGH	2021-05-27	2022-10-25
CVE-2020-5421	In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, t...	6.5 - MEDIUM	2020-09-19	2023-11-07
CVE-2020-5398	In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an ap...	7.5 - HIGH	2020-01-17	2023-11-07
CVE-2020-5397	Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Sp...	5.3 - MEDIUM	2020-01-17	2022-07-25
CVE-2018-1271	Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applicat...	5.9 - MEDIUM	2018-04-06	2022-06-23
CVE-2018-1270	Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applicat...	9.8 - CRITICAL	2018-04-06	2023-11-07
CVE-2018-1258	Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass...	8.8 - HIGH	2018-05-11	2022-04-11
CVE-2018-1257	Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applic...	6.5 - MEDIUM	2018-05-11	2022-06-23
CVE-2018-1199	Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x b...	5.3 - MEDIUM	2018-03-16	2023-11-07

Results limited to 10 most recent vulnerabilities

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Pivotal Software	Spring Framework	5.2.3	All	All	All
Application	Pivotal Software	Spring Framework	5.2.2	All	All	All
Application	Pivotal Software	Spring Framework	5.2.1	All	All	All
Application	Pivotal Software	Spring Framework	5.2.0	-	All	All
Application	Pivotal Software	Spring Framework	5.2.0	milestone1	All	All
Application	Pivotal Software	Spring Framework	5.2.0	milestone2	All	All
Application	Pivotal Software	Spring Framework	5.2.0	milestone3	All	All
Application	Pivotal Software	Spring Framework	5.2.0	rc1	All	All
Application	Pivotal Software	Spring Framework	5.2.0	rc2	All	All
Application	Pivotal Software	Spring Framework	5.1.9	All	All	All
Application	Pivotal Software	Spring Framework	5.1.8	All	All	All
Application	Pivotal Software	Spring Framework	5.1.7	All	All	All
Application	Pivotal Software	Spring Framework	5.1.6	All	All	All
Application	Pivotal Software	Spring Framework	5.1.5	All	All	All
Application	Pivotal Software	Spring Framework	5.1.4	All	All	All
Application	Pivotal Software	Spring Framework	5.1.3	All	All	All
Application	Pivotal Software	Spring Framework	5.1.2	All	All	All
Application	Pivotal Software	Spring Framework	5.1.13	All	All	All
Application	Pivotal Software	Spring Framework	5.1.12	All	All	All
Application	Pivotal Software	Spring Framework	5.1.11	All	All	All

Results limited to 20 most recent known configurations