Vulnerabilities in Spring

149 results
CVE ID          Severity  EPSS  Title / description
CVE-2024-22236  LOW       0.2%  In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution i…
CVE-2026-41002  HIGH      0.2%  The base directory (`spring.cloud.config.server.git.basedir`) used by the Spring Cloud Config Server to clone Git repositories to is suscept…
CVE-2026-22754  HIGH      0.2%  Servlet Path Not Correctly Included in Path Matching of XML Authorization Rules
CVE-2026-22746  LOW       0.2%  User Attribute Enumeration when Using DaoAuthenticationProvider
CVE-2026-40990  MEDIUM    0.2%  Unbounded cache for function definitions
CVE-2026-41706  MEDIUM    0.2%  Open Redirect When Using CookieRequestCache
CVE-2026-40975  MEDIUM    0.2%  Values produced by ${random.value} are not suitable for use as secrets. ${random.uuid} is not affected. ${random.int} and ${random.long} sho…
CVE-2026-40989  MEDIUM    0.2%  Self Routing guard bypassed via function composition
CVE-2026-40987  HIGH      0.2%  Remote-file synchronizer in Spring Integration writes server-supplied filename under localDirectory without canonicalization
CVE-2026-41003  HIGH      0.2%  Unencoded HTML Outputs in Spring Security May Allow Cross-Site Scripting
CVE-2026-22748  MEDIUM    0.2%  Potential Security Misconfiguration when Using withIssuerLocation
CVE-2026-41719  MEDIUM    0.2%  Spring Data KeyValue - SpEL Injection vulnerability in SpelPropertyComparator
CVE-2026-40986  MEDIUM    0.2%  Spring Web Flow JS RemotingHandler renders non-HTML Response as HTML
CVE-2026-40969  LOW       0.2%  Spring gRPC AuthenticationException message reflected to remote client
CVE-2026-40993  HIGH      0.2%  Unfiltered Java Native Deserialization of SAML 2.0 Asserting Party Credentials BLOB Database Entry
CVE-2026-41839  MEDIUM    0.2%  Spring Framework Escalation via Session Fixation in WebFlux
CVE-2026-41730  MEDIUM    0.2%  Spring Data REST exposes persistence-layer internals in error responses
CVE-2026-41837  MEDIUM    0.2%  Spring Data REST Querydsl integration exposes Jackson-hidden persistent fields as filter keys
CVE-2026-41853  MEDIUM    0.2%  Spring Framework Multipart Request Smuggling in Spring MVC and WebFlux
CVE-2026-41700  HIGH      0.2%  Cross-Site WebSocket Hijacking in Spring for GraphQL