{"package":"org.springframework:spring-webmvc","ecosystem":"maven","latest_version":"7.0.0-M6","description":"Spring Web MVC","license":"Apache-2.0","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://github.com/spring-projects/spring-framework","repository":"https://github.com/spring-projects/spring-framework","downloads_weekly":551061,"health":{"score":39,"risk":"critical","breakdown":{"maintenance":10,"popularity":14,"security":0,"maturity":15,"community":0},"deprecated":false,"max_score":100},"vulnerabilities":{"count":16,"critical":2,"high":6,"medium":7,"low":1,"details":[{"vuln_id":"CVE-2016-9878","severity":"high","summary":"Pivotal Spring Framework Paths provided to the ResourceServlet were not properly sanitized","affected_versions":"<3.2.18|>=4.2.0,<4.2.9|>=4.3.0,<4.3.5|=1.0|=1.0-rc1|=1.0.1|=1.1|=1.1-rc1|=1.1-rc2|=1.1.1|=1.1.2|=1.1.3|=1.1.4|=1.1.5|=1.2|=1.2-rc1|=1.2-rc2|=1.2.1|=1.2.2|=1.2.3|=1.2.4|=1.2.5|=1.2.6|=1.2.7|=1.2.8|=1.2.9|=2.0|=2.0-m1|=2.0-m2|=2.0-m3|=2.0-m4|=2.0-m5|=2.0-rc1|=2.0-rc2|=2.0.1|=2.0.2|=2.0.3|=2.0.4|=2.0.5|=2.0.6|=2.0.7|=2.0.8|=2.5|=2.5.1|=2.5.2|=2.5.3|=2.5.4|=2.5.5|=2.5.6|=2.5.6.SEC01|=2.5.6.SEC02|=2.5.6.SEC03|=3.0.0.RELEASE|=3.0.1.RELEASE|=3.0.2.RELEASE|=3.0.3.RELEASE|=3.0.4.RELEASE|=3.0.5.RELEASE|=3.0.6.RELEASE|=3.0.7.RELEASE|=3.1.0.RELEASE|=3.1.1.RELEASE|=3.1.2.RELEASE|=3.1.3.RELEASE|=3.1.4.RELEASE|=3.2.0.RELEASE|=3.2.1.RELEASE|=3.2.10.RELEASE|=3.2.11.RELEASE|=3.2.12.RELEASE|=3.2.13.RELEASE|=3.2.14.RELEASE|=3.2.15.RELEASE|=3.2.16.RELEASE|=3.2.17.RELEASE|=3.2.2.RELEASE|=3.2.3.RELEASE|=3.2.4.RELEASE|=3.2.5.RELEASE|=3.2.6.RELEASE|=3.2.7.RELEASE|=3.2.8.RELEASE|=3.2.9.RELEASE|=4.2.0.RELEASE|=4.2.1.RELEASE|=4.2.2.RELEASE|=4.2.3.RELEASE|=4.2.4.RELEASE|=4.2.5.RELEASE|=4.2.6.RELEASE|=4.2.7.RELEASE|=4.2.8.RELEASE|=4.3.0.RELEASE|=4.3.1.RELEASE|=4.3.2.RELEASE|=4.3.3.RELEASE|=4.3.4.RELEASE","fixed_version":"4.3.5","source":"osv","published_at":"2018-10-04T20:29:55Z","in_kev":false,"epss_prob":0.04927,"epss_percentile":0.89651,"threat_tier":"theoretical"},{"vuln_id":"CVE-2022-22965","severity":"critical","summary":"Remote Code Execution in Spring Framework","affected_versions":"<5.2.20.RELEASE|>=5.3.0,<5.3.18|<5.2.20.RELEASE|>=5.3.0,<5.3.18|<2.5.12|>=2.6.0,<2.6.6|<5.2.20.RELEASE|>=5.3.0,<5.3.18|<2.5.12|>=2.6.0,<2.6.6|=1.0|=1.0-m4|=1.0-rc1|=1.0.1|=1.2|=1.2-rc1|=1.2-rc2|=1.2.1|=1.2.2|=1.2.3|=1.2.4|=1.2.5|=1.2.6|=1.2.7|=1.2.8|=1.2.9|=2.0|=2.0-m1|=2.0-m2|=2.0-m3|=2.0-m4|=2.0-m5|=2.0-rc1|=2.0-rc2|=2.0.1|=2.0.2|=2.0.3|=2.0.4|=2.0.5|=2.0.6|=2.0.7|=2.0.8|=2.5|=2.5.1|=2.5.2|=2.5.3|=2.5.4|=2.5.5|=2.5.6|=2.5.6.SEC01|=2.5.6.SEC02|=2.5.6.SEC03|=3.0.0.RELEASE|=3.0.1.RELEASE|=3.0.2.RELEASE|=3.0.3.RELEASE|=3.0.4.RELEASE|=3.0.5.RELEASE|=3.0.6.RELEASE|=3.0.7.RELEASE|=3.1.0.RELEASE|=3.1.1.RELEASE|=3.1.2.RELEASE|=3.1.3.RELEASE|=3.1.4.RELEASE|=3.2.0.RELEASE|=3.2.1.RELEASE|=3.2.10.RELEASE|=3.2.11.RELEASE|=3.2.12.RELEASE|=3.2.13.RELEASE|=3.2.14.RELEASE|=3.2.15.RELEASE|=3.2.16.RELEASE|=3.2.17.RELEASE|=3.2.18.RELEASE|=3.2.2.RELEASE|=3.2.3.RELEASE|=3.2.4.RELEASE|=3.2.5.RELEASE|=3.2.6.RELEASE|=3.2.7.RELEASE|=3.2.8.RELEASE|=3.2.9.RELEASE|=4.0.0.RELEASE|=4.0.1.RELEASE|=4.0.2.RELEASE|=4.0.3.RELEASE|=4.0.4.RELEASE|=4.0.5.RELEASE|=4.0.6.RELEASE|=4.0.7.RELEASE|=4.0.8.RELEASE|=4.0.9.RELEASE|=4.1.0.RELEASE|=4.1.1.RELEASE|=4.1.2.RELEASE|=4.1.3.RELEASE|=4.1.4.RELEASE|=4.1.5.RELEASE|=4.1.6.RELEASE|=4.1.7.RELEASE|=4.1.8.RELEASE|=4.1.9.RELEASE|=4.2.0.RELEASE|=4.2.1.RELEASE|=4.2.2.RELEASE|=4.2.3.RELEASE|=4.2.4.RELEASE|=4.2.5.RELEASE|=4.2.6.RELEASE|=4.2.7.RELEASE|=4.2.8.RELEASE|=4.2.9.RELEASE|=4.3.0.RELEASE|=4.3.1.RELEASE|=4.3.10.RELEASE|=4.3.11.RELEASE|=4.3.12.RELEASE|=4.3.13.RELEASE|=4.3.14.RELEASE|=4.3.15.RELEASE|=4.3.16.RELEASE|=4.3.17.RELEASE|=4.3.18.RELEASE|=4.3.19.RELEASE|=4.3.2.RELEASE|=4.3.20.RELEASE|=4.3.21.RELEASE|=4.3.22.RELEASE|=4.3.23.RELEASE|=4.3.24.RELEASE|=4.3.25.RELEASE|=4.3.26.RELEASE|=4.3.27.RELEASE|=4.3.28.RELEASE|=4.3.29.RELEASE|=4.3.3.RELEASE|=4.3.30.RELEASE|=4.3.4.RELEASE|=4.3.5.RELEASE|=4.3.6.RELEASE|=4.3.7.RELEASE|=4.3.8.RELEASE|=4.3.9.RELEASE|=5.0.0.RELEASE|=5.0.1.RELEASE|=5.0.10.RELEASE|=5.0.11.RELEASE|=5.0.12.RELEASE|=5.0.13.RELEASE|=5.0.14.RELEASE|=5.0.15.RELEASE|=5.0.16.RELEASE|=5.0.17.RELEASE|=5.0.18.RELEASE|=5.0.19.RELEASE|=5.0.2.RELEASE|=5.0.20.RELEASE|=5.0.3.RELEASE|=5.0.4.RELEASE|=5.0.5.RELEASE|=5.0.6.RELEASE|=5.0.7.RELEASE|=5.0.8.RELEASE|=5.0.9.RELEASE|=5.1.0.RELEASE|=5.1.1.RELEASE|=5.1.10.RELEASE|=5.1.11.RELEASE|=5.1.12.RELEASE|=5.1.13.RELEASE|=5.1.14.RELEASE|=5.1.15.RELEASE|=5.1.16.RELEASE|=5.1.17.RELEASE|=5.1.18.RELEASE|=5.1.19.RELEASE|=5.1.2.RELEASE|=5.1.20.RELEASE|=5.1.3.RELEASE|=5.1.4.RELEASE|=5.1.5.RELEASE|=5.1.6.RELEASE|=5.1.7.RELEASE|=5.1.8.RELEASE|=5.1.9.RELEASE|=5.2.0.RELEASE|=5.2.1.RELEASE|=5.2.10.RELEASE|=5.2.11.RELEASE|=5.2.12.RELEASE|=5.2.13.RELEASE|=5.2.14.RELEASE|=5.2.15.RELEASE|=5.2.16.RELEASE|=5.2.17.RELEASE|=5.2.18.RELEASE|=5.2.19.RELEASE|=5.2.2.RELEASE|=5.2.3.RELEASE|=5.2.4.RELEASE|=5.2.5.RELEASE|=5.2.6.RELEASE|=5.2.7.RELEASE|=5.2.8.RELEASE|=5.2.9.RELEASE|=5.3.0|=5.3.1|=5.3.10|=5.3.11|=5.3.12|=5.3.13|=5.3.14|=5.3.15|=5.3.16|=5.3.17|=5.3.2|=5.3.3|=5.3.4|=5.3.5|=5.3.6|=5.3.7|=5.3.8|=5.3.9|=1.0|=1.0-rc1|=1.0.1|=1.1|=1.1-rc1|=1.1-rc2|=1.1.1|=1.1.2|=1.1.3|=1.1.4|=1.1.5|=1.2|=1.2-rc1|=1.2-rc2|=1.2.1|=1.2.2|=1.2.3|=1.2.4|=1.2.5|=1.2.6|=1.2.7|=1.2.8|=1.2.9|=2.0|=2.0-m1|=2.0-m2|=2.0-m3|=2.0-m4|=2.0-m5|=2.0-rc1|=2.0-rc2|=2.0.1|=2.0.2|=2.0.3|=2.0.4|=2.0.5|=2.0.6|=2.0.7|=2.0.8|=2.5|=2.5.1|=2.5.2|=2.5.3|=2.5.4|=2.5.5|=2.5.6|=2.5.6.SEC01|=2.5.6.SEC02|=2.5.6.SEC03|=3.0.0.RELEASE|=3.0.1.RELEASE|=3.0.2.RELEASE|=3.0.3.RELEASE|=3.0.4.RELEASE|=3.0.5.RELEASE|=3.0.6.RELEASE|=3.0.7.RELEASE|=3.1.0.RELEASE|=3.1.1.RELEASE|=3.1.2.RELEASE|=3.1.3.RELEASE|=3.1.4.RELEASE|=3.2.0.RELEASE|=3.2.1.RELEASE|=3.2.10.RELEASE|=3.2.11.RELEASE|=3.2.12.RELEASE|=3.2.13.RELEASE|=3.2.14.RELEASE|=3.2.15.RELEASE|=3.2.16.RELEASE|=3.2.17.RELEASE|=3.2.18.RELEASE|=3.2.2.RELEASE|=3.2.3.RELEASE|=3.2.4.RELEASE|=3.2.5.RELEASE|=3.2.6.RELEASE|=3.2.7.RELEASE|=3.2.8.RELEASE|=3.2.9.RELEASE|=4.0.0.RELEASE|=4.0.1.RELEASE|=4.0.2.RELEASE|=4.0.3.RELEASE|=4.0.4.RELEASE|=4.0.5.RELEASE|=4.0.6.RELEASE|=4.0.7.RELEASE|=4.0.8.RELEASE|=4.0.9.RELEASE|=4.1.0.RELEASE|=4.1.1.RELEASE|=4.1.2.RELEASE|=4.1.3.RELEASE|=4.1.4.RELEASE|=4.1.5.RELEASE|=4.1.6.RELEASE|=4.1.7.RELEASE|=4.1.8.RELEASE|=4.1.9.RELEASE|=4.2.0.RELEASE|=4.2.1.RELEASE|=4.2.2.RELEASE|=4.2.3.RELEASE|=4.2.4.RELEASE|=4.2.5.RELEASE|=4.2.6.RELEASE|=4.2.7.RELEASE|=4.2.8.RELEASE|=4.2.9.RELEASE|=4.3.0.RELEASE|=4.3.1.RELEASE|=4.3.10.RELEASE|=4.3.11.RELEASE|=4.3.12.RELEASE|=4.3.13.RELEASE|=4.3.14.RELEASE|=4.3.15.RELEASE|=4.3.16.RELEASE|=4.3.17.RELEASE|=4.3.18.RELEASE|=4.3.19.RELEASE|=4.3.2.RELEASE|=4.3.20.RELEASE|=4.3.21.RELEASE|=4.3.22.RELEASE|=4.3.23.RELEASE|=4.3.24.RELEASE|=4.3.25.RELEASE|=4.3.26.RELEASE|=4.3.27.RELEASE|=4.3.28.RELEASE|=4.3.29.RELEASE|=4.3.3.RELEASE|=4.3.30.RELEASE|=4.3.4.RELEASE|=4.3.5.RELEASE|=4.3.6.RELEASE|=4.3.7.RELEASE|=4.3.8.RELEASE|=4.3.9.RELEASE|=5.0.0.RELEASE|=5.0.1.RELEASE|=5.0.10.RELEASE|=5.0.11.RELEASE|=5.0.12.RELEASE|=5.0.13.RELEASE|=5.0.14.RELEASE|=5.0.15.RELEASE|=5.0.16.RELEASE|=5.0.17.RELEASE|=5.0.18.RELEASE|=5.0.19.RELEASE|=5.0.2.RELEASE|=5.0.20.RELEASE|=5.0.3.RELEASE|=5.0.4.RELEASE|=5.0.5.RELEASE|=5.0.6.RELEASE|=5.0.7.RELEASE|=5.0.8.RELEASE|=5.0.9.RELEASE|=5.1.0.RELEASE|=5.1.1.RELEASE|=5.1.10.RELEASE|=5.1.11.RELEASE|=5.1.12.RELEASE|=5.1.13.RELEASE|=5.1.14.RELEASE|=5.1.15.RELEASE|=5.1.16.RELEASE|=5.1.17.RELEASE|=5.1.18.RELEASE|=5.1.19.RELEASE|=5.1.2.RELEASE|=5.1.20.RELEASE|=5.1.3.RELEASE|=5.1.4.RELEASE|=5.1.5.RELEASE|=5.1.6.RELEASE|=5.1.7.RELEASE|=5.1.8.RELEASE|=5.1.9.RELEASE|=5.2.0.RELEASE|=5.2.1.RELEASE|=5.2.10.RELEASE|=5.2.11.RELEASE|=5.2.12.RELEASE|=5.2.13.RELEASE|=5.2.14.RELEASE|=5.2.15.RELEASE|=5.2.16.RELEASE|=5.2.17.RELEASE|=5.2.18.RELEASE|=5.2.19.RELEASE|=5.2.2.RELEASE|=5.2.3.RELEASE|=5.2.4.RELEASE|=5.2.5.RELEASE|=5.2.6.RELEASE|=5.2.7.RELEASE|=5.2.8.RELEASE|=5.2.9.RELEASE|=5.3.0|=5.3.1|=5.3.10|=5.3.11|=5.3.12|=5.3.13|=5.3.14|=5.3.15|=5.3.16|=5.3.17|=5.3.2|=5.3.3|=5.3.4|=5.3.5|=5.3.6|=5.3.7|=5.3.8|=5.3.9|=1.0.0.RELEASE|=1.0.1.RELEASE|=1.0.2.RELEASE|=1.1.0.RELEASE|=1.1.1.RELEASE|=1.1.10.RELEASE|=1.1.11.RELEASE|=1.1.12.RELEASE|=1.1.2.RELEASE|=1.1.3.RELEASE|=1.1.4.RELEASE|=1.1.5.RELEASE|=1.1.6.RELEASE|=1.1.7.RELEASE|=1.1.8.RELEASE|=1.1.9.RELEASE|=1.2.0.RELEASE|=1.2.1.RELEASE|=1.2.2.RELEASE|=1.2.3.RELEASE|=1.2.4.RELEASE|=1.2.5.RELEASE|=1.2.6.RELEASE|=1.2.7.RELEASE|=1.2.8.RELEASE|=1.3.0.RELEASE|=1.3.1.RELEASE|=1.3.2.RELEASE|=1.3.3.RELEASE|=1.3.4.RELEASE|=1.3.5.RELEASE|=1.3.6.RELEASE|=1.3.7.RELEASE|=1.3.8.RELEASE|=1.4.0.RELEASE|=1.4.1.RELEASE|=1.4.2.RELEASE|=1.4.3.RELEASE|=1.4.4.RELEASE|=1.4.5.RELEASE|=1.4.6.RELEASE|=1.4.7.RELEASE|=1.5.0.RELEASE|=1.5.1.RELEASE|=1.5.10.RELEASE|=1.5.11.RELEASE|=1.5.12.RELEASE|=1.5.13.RELEASE|=1.5.14.RELEASE|=1.5.15.RELEASE|=1.5.16.RELEASE|=1.5.17.RELEASE|=1.5.18.RELEASE|=1.5.19.RELEASE|=1.5.2.RELEASE|=1.5.20.RELEASE|=1.5.21.RELEASE|=1.5.22.RELEASE|=1.5.3.RELEASE|=1.5.4.RELEASE|=1.5.5.RELEASE|=1.5.6.RELEASE|=1.5.7.RELEASE|=1.5.8.RELEASE|=1.5.9.RELEASE|=2.0.0.RELEASE|=2.0.1.RELEASE|=2.0.2.RELEASE|=2.0.3.RELEASE|=2.0.4.RELEASE|=2.0.5.RELEASE|=2.0.6.RELEASE|=2.0.7.RELEASE|=2.0.8.RELEASE|=2.0.9.RELEASE|=2.1.0.RELEASE|=2.1.1.RELEASE|=2.1.10.RELEASE|=2.1.11.RELEASE|=2.1.12.RELEASE|=2.1.13.RELEASE|=2.1.14.RELEASE|=2.1.15.RELEASE|=2.1.16.RELEASE|=2.1.17.RELEASE|=2.1.18.RELEASE|=2.1.2.RELEASE|=2.1.3.RELEASE|=2.1.4.RELEASE|=2.1.5.RELEASE|=2.1.6.RELEASE|=2.1.7.RELEASE|=2.1.8.RELEASE|=2.1.9.RELEASE|=2.2.0.RELEASE|=2.2.1.RELEASE|=2.2.10.RELEASE|=2.2.11.RELEASE|=2.2.12.RELEASE|=2.2.13.RELEASE|=2.2.2.RELEASE|=2.2.3.RELEASE|=2.2.4.RELEASE|=2.2.5.RELEASE|=2.2.6.RELEASE|=2.2.7.RELEASE|=2.2.8.RELEASE|=2.2.9.RELEASE|=2.3.0.RELEASE|=2.3.1.RELEASE|=2.3.10.RELEASE|=2.3.11.RELEASE|=2.3.12.RELEASE|=2.3.2.RELEASE|=2.3.3.RELEASE|=2.3.4.RELEASE|=2.3.5.RELEASE|=2.3.6.RELEASE|=2.3.7.RELEASE|=2.3.8.RELEASE|=2.3.9.RELEASE|=2.4.0|=2.4.1|=2.4.10|=2.4.11|=2.4.12|=2.4.13|=2.4.2|=2.4.3|=2.4.4|=2.4.5|=2.4.6|=2.4.7|=2.4.8|=2.4.9|=2.5.0|=2.5.1|=2.5.10|=2.5.11|=2.5.2|=2.5.3|=2.5.4|=2.5.5|=2.5.6|=2.5.7|=2.5.8|=2.5.9|=2.6.0|=2.6.1|=2.6.2|=2.6.3|=2.6.4|=2.6.5|=5.0.0.RELEASE|=5.0.1.RELEASE|=5.0.10.RELEASE|=5.0.11.RELEASE|=5.0.12.RELEASE|=5.0.13.RELEASE|=5.0.14.RELEASE|=5.0.15.RELEASE|=5.0.16.RELEASE|=5.0.17.RELEASE|=5.0.18.RELEASE|=5.0.19.RELEASE|=5.0.2.RELEASE|=5.0.20.RELEASE|=5.0.3.RELEASE|=5.0.4.RELEASE|=5.0.5.RELEASE|=5.0.6.RELEASE|=5.0.7.RELEASE|=5.0.8.RELEASE|=5.0.9.RELEASE|=5.1.0.RELEASE|=5.1.1.RELEASE|=5.1.10.RELEASE|=5.1.11.RELEASE|=5.1.12.RELEASE|=5.1.13.RELEASE|=5.1.14.RELEASE|=5.1.15.RELEASE|=5.1.16.RELEASE|=5.1.17.RELEASE|=5.1.18.RELEASE|=5.1.19.RELEASE|=5.1.2.RELEASE|=5.1.20.RELEASE|=5.1.3.RELEASE|=5.1.4.RELEASE|=5.1.5.RELEASE|=5.1.6.RELEASE|=5.1.7.RELEASE|=5.1.8.RELEASE|=5.1.9.RELEASE|=5.2.0.RELEASE|=5.2.1.RELEASE|=5.2.10.RELEASE|=5.2.11.RELEASE|=5.2.12.RELEASE|=5.2.13.RELEASE|=5.2.14.RELEASE|=5.2.15.RELEASE|=5.2.16.RELEASE|=5.2.17.RELEASE|=5.2.18.RELEASE|=5.2.19.RELEASE|=5.2.2.RELEASE|=5.2.3.RELEASE|=5.2.4.RELEASE|=5.2.5.RELEASE|=5.2.6.RELEASE|=5.2.7.RELEASE|=5.2.8.RELEASE|=5.2.9.RELEASE|=5.3.0|=5.3.1|=5.3.10|=5.3.11|=5.3.12|=5.3.13|=5.3.14|=5.3.15|=5.3.16|=5.3.17|=5.3.2|=5.3.3|=5.3.4|=5.3.5|=5.3.6|=5.3.7|=5.3.8|=5.3.9|=2.0.0.RELEASE|=2.0.1.RELEASE|=2.0.2.RELEASE|=2.0.3.RELEASE|=2.0.4.RELEASE|=2.0.5.RELEASE|=2.0.6.RELEASE|=2.0.7.RELEASE|=2.0.8.RELEASE|=2.0.9.RELEASE|=2.1.0.RELEASE|=2.1.1.RELEASE|=2.1.10.RELEASE|=2.1.11.RELEASE|=2.1.12.RELEASE|=2.1.13.RELEASE|=2.1.14.RELEASE|=2.1.15.RELEASE|=2.1.16.RELEASE|=2.1.17.RELEASE|=2.1.18.RELEASE|=2.1.2.RELEASE|=2.1.3.RELEASE|=2.1.4.RELEASE|=2.1.5.RELEASE|=2.1.6.RELEASE|=2.1.7.RELEASE|=2.1.8.RELEASE|=2.1.9.RELEASE|=2.2.0.RELEASE|=2.2.1.RELEASE|=2.2.10.RELEASE|=2.2.11.RELEASE|=2.2.12.RELEASE|=2.2.13.RELEASE|=2.2.2.RELEASE|=2.2.3.RELEASE|=2.2.4.RELEASE|=2.2.5.RELEASE|=2.2.6.RELEASE|=2.2.7.RELEASE|=2.2.8.RELEASE|=2.2.9.RELEASE|=2.3.0.RELEASE|=2.3.1.RELEASE|=2.3.10.RELEASE|=2.3.11.RELEASE|=2.3.12.RELEASE|=2.3.2.RELEASE|=2.3.3.RELEASE|=2.3.4.RELEASE|=2.3.5.RELEASE|=2.3.6.RELEASE|=2.3.7.RELEASE|=2.3.8.RELEASE|=2.3.9.RELEASE|=2.4.0|=2.4.1|=2.4.10|=2.4.11|=2.4.12|=2.4.13|=2.4.2|=2.4.3|=2.4.4|=2.4.5|=2.4.6|=2.4.7|=2.4.8|=2.4.9|=2.5.0|=2.5.1|=2.5.10|=2.5.11|=2.5.2|=2.5.3|=2.5.4|=2.5.5|=2.5.6|=2.5.7|=2.5.8|=2.5.9|=2.6.0|=2.6.1|=2.6.2|=2.6.3|=2.6.4|=2.6.5","fixed_version":"2.6.6","source":"osv","published_at":"2022-03-31T18:30:50Z","in_kev":true,"kev_date_added":"2022-04-04","kev_ransomware":"Unknown","epss_prob":0.94428,"epss_percentile":0.99984,"threat_tier":"actively_exploited"},{"vuln_id":"CVE-2026-22737","severity":"medium","summary":"Spring Framework Improper Path Limitation with Script View Templates","affected_versions":">=7.0.0-M1,<7.0.6|>=6.2.0,<6.2.17|>=6.0.0,<=6.1.21|>=5.3.0,<=5.3.39|>=7.0.0-M1,<7.0.6|>=6.2.0,<6.2.17|>=6.0.0,<=6.1.21|>=5.3.0,<=5.3.39|=7.0.0|=7.0.0-M1|=7.0.0-M2|=7.0.0-M3|=7.0.0-M4|=7.0.0-M5|=7.0.0-M6|=7.0.0-M7|=7.0.0-M8|=7.0.0-M9|=7.0.0-RC1|=7.0.0-RC2|=7.0.0-RC3|=7.0.1|=7.0.2|=7.0.3|=7.0.4|=7.0.5|=6.2.0|=6.2.1|=6.2.10|=6.2.11|=6.2.12|=6.2.13|=6.2.14|=6.2.15|=6.2.16|=6.2.2|=6.2.3|=6.2.4|=6.2.5|=6.2.6|=6.2.7|=6.2.8|=6.2.9|=6.0.0|=6.0.1|=6.0.10|=6.0.11|=6.0.12|=6.0.13|=6.0.14|=6.0.15|=6.0.16|=6.0.17|=6.0.18|=6.0.19|=6.0.2|=6.0.20|=6.0.21|=6.0.22|=6.0.23|=6.0.3|=6.0.4|=6.0.5|=6.0.6|=6.0.7|=6.0.8|=6.0.9|=6.1.0|=6.1.1|=6.1.10|=6.1.11|=6.1.12|=6.1.13|=6.1.14|=6.1.15|=6.1.16|=6.1.17|=6.1.18|=6.1.19|=6.1.2|=6.1.20|=6.1.21|=6.1.3|=6.1.4|=6.1.5|=6.1.6|=6.1.7|=6.1.8|=6.1.9|=5.3.0|=5.3.1|=5.3.10|=5.3.11|=5.3.12|=5.3.13|=5.3.14|=5.3.15|=5.3.16|=5.3.17|=5.3.18|=5.3.19|=5.3.2|=5.3.20|=5.3.21|=5.3.22|=5.3.23|=5.3.24|=5.3.25|=5.3.26|=5.3.27|=5.3.28|=5.3.29|=5.3.3|=5.3.30|=5.3.31|=5.3.32|=5.3.33|=5.3.34|=5.3.35|=5.3.36|=5.3.37|=5.3.38|=5.3.39|=5.3.4|=5.3.5|=5.3.6|=5.3.7|=5.3.8|=5.3.9|=7.0.0|=7.0.0-M1|=7.0.0-M2|=7.0.0-M3|=7.0.0-M4|=7.0.0-M5|=7.0.0-M6|=7.0.0-M7|=7.0.0-M8|=7.0.0-M9|=7.0.0-RC1|=7.0.0-RC2|=7.0.0-RC3|=7.0.1|=7.0.2|=7.0.3|=7.0.4|=7.0.5|=6.2.0|=6.2.1|=6.2.10|=6.2.11|=6.2.12|=6.2.13|=6.2.14|=6.2.15|=6.2.16|=6.2.2|=6.2.3|=6.2.4|=6.2.5|=6.2.6|=6.2.7|=6.2.8|=6.2.9|=6.0.0|=6.0.1|=6.0.10|=6.0.11|=6.0.12|=6.0.13|=6.0.14|=6.0.15|=6.0.16|=6.0.17|=6.0.18|=6.0.19|=6.0.2|=6.0.20|=6.0.21|=6.0.22|=6.0.23|=6.0.3|=6.0.4|=6.0.5|=6.0.6|=6.0.7|=6.0.8|=6.0.9|=6.1.0|=6.1.1|=6.1.10|=6.1.11|=6.1.12|=6.1.13|=6.1.14|=6.1.15|=6.1.16|=6.1.17|=6.1.18|=6.1.19|=6.1.2|=6.1.20|=6.1.21|=6.1.3|=6.1.4|=6.1.5|=6.1.6|=6.1.7|=6.1.8|=6.1.9|=5.3.0|=5.3.1|=5.3.10|=5.3.11|=5.3.12|=5.3.13|=5.3.14|=5.3.15|=5.3.16|=5.3.17|=5.3.18|=5.3.19|=5.3.2|=5.3.20|=5.3.21|=5.3.22|=5.3.23|=5.3.24|=5.3.25|=5.3.26|=5.3.27|=5.3.28|=5.3.29|=5.3.3|=5.3.30|=5.3.31|=5.3.32|=5.3.33|=5.3.34|=5.3.35|=5.3.36|=5.3.37|=5.3.38|=5.3.39|=5.3.4|=5.3.5|=5.3.6|=5.3.7|=5.3.8|=5.3.9","fixed_version":"6.2.17","source":"osv","published_at":"2026-03-20T00:31:28Z","in_kev":false,"epss_prob":0.00092,"epss_percentile":0.25629,"threat_tier":"theoretical"},{"vuln_id":"CVE-2026-22735","severity":"low","summary":"Spring MVC and WebFlux has Server Sent Event stream corruption","affected_versions":">=7.0.0-M1,<7.0.6|>=6.2.0,<6.2.17|>=6.0.0,<=6.1.21|>=5.3.0,<=5.3.39|>=7.0.0-M1,<7.0.6|>=6.2.0,<6.2.17|>=6.0.0,<=6.1.21|>=5.3.0,<=5.3.39|=7.0.0|=7.0.0-M1|=7.0.0-M2|=7.0.0-M3|=7.0.0-M4|=7.0.0-M5|=7.0.0-M6|=7.0.0-M7|=7.0.0-M8|=7.0.0-M9|=7.0.0-RC1|=7.0.0-RC2|=7.0.0-RC3|=7.0.1|=7.0.2|=7.0.3|=7.0.4|=7.0.5|=6.2.0|=6.2.1|=6.2.10|=6.2.11|=6.2.12|=6.2.13|=6.2.14|=6.2.15|=6.2.16|=6.2.2|=6.2.3|=6.2.4|=6.2.5|=6.2.6|=6.2.7|=6.2.8|=6.2.9|=6.0.0|=6.0.1|=6.0.10|=6.0.11|=6.0.12|=6.0.13|=6.0.14|=6.0.15|=6.0.16|=6.0.17|=6.0.18|=6.0.19|=6.0.2|=6.0.20|=6.0.21|=6.0.22|=6.0.23|=6.0.3|=6.0.4|=6.0.5|=6.0.6|=6.0.7|=6.0.8|=6.0.9|=6.1.0|=6.1.1|=6.1.10|=6.1.11|=6.1.12|=6.1.13|=6.1.14|=6.1.15|=6.1.16|=6.1.17|=6.1.18|=6.1.19|=6.1.2|=6.1.20|=6.1.21|=6.1.3|=6.1.4|=6.1.5|=6.1.6|=6.1.7|=6.1.8|=6.1.9|=5.3.0|=5.3.1|=5.3.10|=5.3.11|=5.3.12|=5.3.13|=5.3.14|=5.3.15|=5.3.16|=5.3.17|=5.3.18|=5.3.19|=5.3.2|=5.3.20|=5.3.21|=5.3.22|=5.3.23|=5.3.24|=5.3.25|=5.3.26|=5.3.27|=5.3.28|=5.3.29|=5.3.3|=5.3.30|=5.3.31|=5.3.32|=5.3.33|=5.3.34|=5.3.35|=5.3.36|=5.3.37|=5.3.38|=5.3.39|=5.3.4|=5.3.5|=5.3.6|=5.3.7|=5.3.8|=5.3.9|=7.0.0|=7.0.0-M1|=7.0.0-M2|=7.0.0-M3|=7.0.0-M4|=7.0.0-M5|=7.0.0-M6|=7.0.0-M7|=7.0.0-M8|=7.0.0-M9|=7.0.0-RC1|=7.0.0-RC2|=7.0.0-RC3|=7.0.1|=7.0.2|=7.0.3|=7.0.4|=7.0.5|=6.2.0|=6.2.1|=6.2.10|=6.2.11|=6.2.12|=6.2.13|=6.2.14|=6.2.15|=6.2.16|=6.2.2|=6.2.3|=6.2.4|=6.2.5|=6.2.6|=6.2.7|=6.2.8|=6.2.9|=6.0.0|=6.0.1|=6.0.10|=6.0.11|=6.0.12|=6.0.13|=6.0.14|=6.0.15|=6.0.16|=6.0.17|=6.0.18|=6.0.19|=6.0.2|=6.0.20|=6.0.21|=6.0.22|=6.0.23|=6.0.3|=6.0.4|=6.0.5|=6.0.6|=6.0.7|=6.0.8|=6.0.9|=6.1.0|=6.1.1|=6.1.10|=6.1.11|=6.1.12|=6.1.13|=6.1.14|=6.1.15|=6.1.16|=6.1.17|=6.1.18|=6.1.19|=6.1.2|=6.1.20|=6.1.21|=6.1.3|=6.1.4|=6.1.5|=6.1.6|=6.1.7|=6.1.8|=6.1.9|=5.3.0|=5.3.1|=5.3.10|=5.3.11|=5.3.12|=5.3.13|=5.3.14|=5.3.15|=5.3.16|=5.3.17|=5.3.18|=5.3.19|=5.3.2|=5.3.20|=5.3.21|=5.3.22|=5.3.23|=5.3.24|=5.3.25|=5.3.26|=5.3.27|=5.3.28|=5.3.29|=5.3.3|=5.3.30|=5.3.31|=5.3.32|=5.3.33|=5.3.34|=5.3.35|=5.3.36|=5.3.37|=5.3.38|=5.3.39|=5.3.4|=5.3.5|=5.3.6|=5.3.7|=5.3.8|=5.3.9","fixed_version":"6.2.17","source":"osv","published_at":"2026-03-20T00:31:28Z","in_kev":false,"epss_prob":0.00092,"epss_percentile":0.25721,"threat_tier":"theoretical"},{"vuln_id":"CVE-2023-20860","severity":"critical","summary":"Spring Framework is vulnerable to security bypass via mvcRequestMatcher pattern mismatch","affected_versions":">=6.0.0,<6.0.7|>=5.3.0,<5.3.26|>=6.0.0,<6.0.7|>=5.3.0,<5.3.26|=5.3.0|=5.3.1|=5.3.10|=5.3.11|=5.3.12|=5.3.13|=5.3.14|=5.3.15|=5.3.16|=5.3.17|=5.3.18|=5.3.19|=5.3.2|=5.3.20|=5.3.21|=5.3.22|=5.3.23|=5.3.24|=5.3.25|=5.3.3|=5.3.4|=5.3.5|=5.3.6|=5.3.7|=5.3.8|=5.3.9|=6.0.0|=6.0.1|=6.0.2|=6.0.3|=6.0.4|=6.0.5|=6.0.6|=5.3.0|=5.3.1|=5.3.10|=5.3.11|=5.3.12|=5.3.13|=5.3.14|=5.3.15|=5.3.16|=5.3.17|=5.3.18|=5.3.19|=5.3.2|=5.3.20|=5.3.21|=5.3.22|=5.3.23|=5.3.24|=5.3.25|=5.3.3|=5.3.4|=5.3.5|=5.3.6|=5.3.7|=5.3.8|=5.3.9","fixed_version":"5.3.26","source":"osv","published_at":"2023-03-28T00:34:28Z","in_kev":false,"epss_prob":0.56284,"epss_percentile":0.98125,"threat_tier":"likely_exploited"},{"vuln_id":"CVE-2020-5397","severity":"medium","summary":"CSRF attack via CORS preflight requests with Spring MVC or Spring WebFlux","affected_versions":">=5.2.0,<5.2.3|>=5.2.0,<5.2.3|=5.2.0.RELEASE|=5.2.1.RELEASE|=5.2.2.RELEASE|=5.2.0.RELEASE|=5.2.1.RELEASE|=5.2.2.RELEASE","fixed_version":"5.2.3","source":"osv","published_at":"2020-01-21T20:59:33Z","in_kev":false,"epss_prob":0.00855,"epss_percentile":0.75038,"threat_tier":"theoretical"},{"vuln_id":"CVE-2014-0054","severity":"medium","summary":"Cross-Site Request Forgery in Spring Framework","affected_versions":"<3.2.8|>=4.0.0,<4.0.2|=1.0|=1.0-rc1|=1.0.1|=1.1|=1.1-rc1|=1.1-rc2|=1.1.1|=1.1.2|=1.1.3|=1.1.4|=1.1.5|=1.2|=1.2-rc1|=1.2-rc2|=1.2.1|=1.2.2|=1.2.3|=1.2.4|=1.2.5|=1.2.6|=1.2.7|=1.2.8|=1.2.9|=2.0|=2.0-m1|=2.0-m2|=2.0-m3|=2.0-m4|=2.0-m5|=2.0-rc1|=2.0-rc2|=2.0.1|=2.0.2|=2.0.3|=2.0.4|=2.0.5|=2.0.6|=2.0.7|=2.0.8|=2.5|=2.5.1|=2.5.2|=2.5.3|=2.5.4|=2.5.5|=2.5.6|=2.5.6.SEC01|=2.5.6.SEC02|=2.5.6.SEC03|=3.0.0.RELEASE|=3.0.1.RELEASE|=3.0.2.RELEASE|=3.0.3.RELEASE|=3.0.4.RELEASE|=3.0.5.RELEASE|=3.0.6.RELEASE|=3.0.7.RELEASE|=3.1.0.RELEASE|=3.1.1.RELEASE|=3.1.2.RELEASE|=3.1.3.RELEASE|=3.1.4.RELEASE|=3.2.0.RELEASE|=3.2.1.RELEASE|=3.2.2.RELEASE|=3.2.3.RELEASE|=3.2.4.RELEASE|=3.2.5.RELEASE|=3.2.6.RELEASE|=3.2.7.RELEASE|=4.0.0.RELEASE|=4.0.1.RELEASE","fixed_version":"4.0.2","source":"osv","published_at":"2022-05-13T01:02:38Z","in_kev":false,"epss_prob":0.02548,"epss_percentile":0.8554,"threat_tier":"theoretical"},{"vuln_id":"CVE-2020-5398","severity":"high","summary":"RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application","affected_versions":">=5.2.0.RELEASE,<5.2.3.RELEASE|>=5.1.0.RELEASE,<5.1.13.RELEASE|>=5.0.0.RELEASE,<5.0.16.RELEASE|>=5.2.0.RELEASE,<5.2.3.RELEASE|>=5.1.0.RELEASE,<5.1.13.RELEASE|>=5.0.0.RELEASE,<5.0.16.RELEASE|=5.2.0.RELEASE|=5.2.1.RELEASE|=5.2.2.RELEASE|=5.1.0.RELEASE|=5.1.1.RELEASE|=5.1.10.RELEASE|=5.1.11.RELEASE|=5.1.12.RELEASE|=5.1.2.RELEASE|=5.1.3.RELEASE|=5.1.4.RELEASE|=5.1.5.RELEASE|=5.1.6.RELEASE|=5.1.7.RELEASE|=5.1.8.RELEASE|=5.1.9.RELEASE|=5.0.0.RELEASE|=5.0.1.RELEASE|=5.0.10.RELEASE|=5.0.11.RELEASE|=5.0.12.RELEASE|=5.0.13.RELEASE|=5.0.14.RELEASE|=5.0.15.RELEASE|=5.0.2.RELEASE|=5.0.3.RELEASE|=5.0.4.RELEASE|=5.0.5.RELEASE|=5.0.6.RELEASE|=5.0.7.RELEASE|=5.0.8.RELEASE|=5.0.9.RELEASE|=5.2.0.RELEASE|=5.2.1.RELEASE|=5.2.2.RELEASE|=5.1.0.RELEASE|=5.1.1.RELEASE|=5.1.10.RELEASE|=5.1.11.RELEASE|=5.1.12.RELEASE|=5.1.2.RELEASE|=5.1.3.RELEASE|=5.1.4.RELEASE|=5.1.5.RELEASE|=5.1.6.RELEASE|=5.1.7.RELEASE|=5.1.8.RELEASE|=5.1.9.RELEASE|=5.0.0.RELEASE|=5.0.1.RELEASE|=5.0.10.RELEASE|=5.0.11.RELEASE|=5.0.12.RELEASE|=5.0.13.RELEASE|=5.0.14.RELEASE|=5.0.15.RELEASE|=5.0.2.RELEASE|=5.0.3.RELEASE|=5.0.4.RELEASE|=5.0.5.RELEASE|=5.0.6.RELEASE|=5.0.7.RELEASE|=5.0.8.RELEASE|=5.0.9.RELEASE","fixed_version":"5.0.16.RELEASE","source":"osv","published_at":"2020-01-21T20:59:09Z","in_kev":false,"epss_prob":0.90184,"epss_percentile":0.99596,"threat_tier":"likely_exploited"},{"vuln_id":"CVE-2024-38816","severity":"high","summary":"Path traversal vulnerability in functional web frameworks","affected_versions":">=6.1.0,<6.1.13|>=6.1.0,<6.1.13|>=6.0.0,<=6.0.23|>=6.0.0,<=6.0.23|>=5.3.0,<=5.3.39|>=5.3.0,<=5.3.39|=6.1.0|=6.1.1|=6.1.10|=6.1.11|=6.1.12|=6.1.2|=6.1.3|=6.1.4|=6.1.5|=6.1.6|=6.1.7|=6.1.8|=6.1.9|=6.1.0|=6.1.1|=6.1.10|=6.1.11|=6.1.12|=6.1.2|=6.1.3|=6.1.4|=6.1.5|=6.1.6|=6.1.7|=6.1.8|=6.1.9|=6.0.0|=6.0.1|=6.0.10|=6.0.11|=6.0.12|=6.0.13|=6.0.14|=6.0.15|=6.0.16|=6.0.17|=6.0.18|=6.0.19|=6.0.2|=6.0.20|=6.0.21|=6.0.22|=6.0.23|=6.0.3|=6.0.4|=6.0.5|=6.0.6|=6.0.7|=6.0.8|=6.0.9|=6.0.0|=6.0.1|=6.0.10|=6.0.11|=6.0.12|=6.0.13|=6.0.14|=6.0.15|=6.0.16|=6.0.17|=6.0.18|=6.0.19|=6.0.2|=6.0.20|=6.0.21|=6.0.22|=6.0.23|=6.0.3|=6.0.4|=6.0.5|=6.0.6|=6.0.7|=6.0.8|=6.0.9|=5.3.0|=5.3.1|=5.3.10|=5.3.11|=5.3.12|=5.3.13|=5.3.14|=5.3.15|=5.3.16|=5.3.17|=5.3.18|=5.3.19|=5.3.2|=5.3.20|=5.3.21|=5.3.22|=5.3.23|=5.3.24|=5.3.25|=5.3.26|=5.3.27|=5.3.28|=5.3.29|=5.3.3|=5.3.30|=5.3.31|=5.3.32|=5.3.33|=5.3.34|=5.3.35|=5.3.36|=5.3.37|=5.3.38|=5.3.39|=5.3.4|=5.3.5|=5.3.6|=5.3.7|=5.3.8|=5.3.9|=5.3.0|=5.3.1|=5.3.10|=5.3.11|=5.3.12|=5.3.13|=5.3.14|=5.3.15|=5.3.16|=5.3.17|=5.3.18|=5.3.19|=5.3.2|=5.3.20|=5.3.21|=5.3.22|=5.3.23|=5.3.24|=5.3.25|=5.3.26|=5.3.27|=5.3.28|=5.3.29|=5.3.3|=5.3.30|=5.3.31|=5.3.32|=5.3.33|=5.3.34|=5.3.35|=5.3.36|=5.3.37|=5.3.38|=5.3.39|=5.3.4|=5.3.5|=5.3.6|=5.3.7|=5.3.8|=5.3.9","fixed_version":"6.1.13","source":"osv","published_at":"2024-09-13T06:30:42Z","in_kev":false,"epss_prob":0.93877,"epss_percentile":0.99873,"threat_tier":"likely_exploited"},{"vuln_id":"CVE-2014-0225","severity":"high","summary":"Improper Restriction of XML External Entity Reference in Spring Framework","affected_versions":">=4.0.0,<4.0.5|>=3.0.0,<3.2.8|=4.0.0.RELEASE|=4.0.1.RELEASE|=4.0.2.RELEASE|=4.0.3.RELEASE|=4.0.4.RELEASE|=3.0.0.RELEASE|=3.0.1.RELEASE|=3.0.2.RELEASE|=3.0.3.RELEASE|=3.0.4.RELEASE|=3.0.5.RELEASE|=3.0.6.RELEASE|=3.0.7.RELEASE|=3.1.0.RELEASE|=3.1.1.RELEASE|=3.1.2.RELEASE|=3.1.3.RELEASE|=3.1.4.RELEASE|=3.2.0.RELEASE|=3.2.1.RELEASE|=3.2.2.RELEASE|=3.2.3.RELEASE|=3.2.4.RELEASE|=3.2.5.RELEASE|=3.2.6.RELEASE|=3.2.7.RELEASE","fixed_version":"3.2.8","source":"osv","published_at":"2022-05-13T01:02:39Z","in_kev":false,"epss_prob":0.00236,"epss_percentile":0.46433,"threat_tier":"theoretical"},{"vuln_id":"CVE-2014-1904","severity":"medium","summary":"Improper Neutralization of Input During Web Page Generation in Spring Framework","affected_versions":">=3.0.0,<3.2.8.RELEASE|>=4.0.0,<4.0.2.RELEASE|=3.0.0.RELEASE|=3.0.1.RELEASE|=3.0.2.RELEASE|=3.0.3.RELEASE|=3.0.4.RELEASE|=3.0.5.RELEASE|=3.0.6.RELEASE|=3.0.7.RELEASE|=3.1.0.RELEASE|=3.1.1.RELEASE|=3.1.2.RELEASE|=3.1.3.RELEASE|=3.1.4.RELEASE|=3.2.0.RELEASE|=3.2.1.RELEASE|=3.2.2.RELEASE|=3.2.3.RELEASE|=3.2.4.RELEASE|=3.2.5.RELEASE|=3.2.6.RELEASE|=3.2.7.RELEASE|=4.0.0.RELEASE|=4.0.1.RELEASE","fixed_version":"4.0.2.RELEASE","source":"osv","published_at":"2022-05-14T01:14:55Z","in_kev":false,"epss_prob":0.0181,"epss_percentile":0.82912,"threat_tier":"theoretical"},{"vuln_id":"CVE-2024-38819","severity":"high","summary":"Spring Framework Path Traversal vulnerability","affected_versions":">=6.1.0,<6.1.14|>=6.1.0,<6.1.14|<=5.3.39|<=5.3.39|>=6.0.0,<=6.0.23|>=6.0.0,<=6.0.23|=6.1.0|=6.1.1|=6.1.10|=6.1.11|=6.1.12|=6.1.13|=6.1.2|=6.1.3|=6.1.4|=6.1.5|=6.1.6|=6.1.7|=6.1.8|=6.1.9|=6.1.0|=6.1.1|=6.1.10|=6.1.11|=6.1.12|=6.1.13|=6.1.2|=6.1.3|=6.1.4|=6.1.5|=6.1.6|=6.1.7|=6.1.8|=6.1.9|=5.0.0.RELEASE|=5.0.1.RELEASE|=5.0.10.RELEASE|=5.0.11.RELEASE|=5.0.12.RELEASE|=5.0.13.RELEASE|=5.0.14.RELEASE|=5.0.15.RELEASE|=5.0.16.RELEASE|=5.0.17.RELEASE|=5.0.18.RELEASE|=5.0.19.RELEASE|=5.0.2.RELEASE|=5.0.20.RELEASE|=5.0.3.RELEASE|=5.0.4.RELEASE|=5.0.5.RELEASE|=5.0.6.RELEASE|=5.0.7.RELEASE|=5.0.8.RELEASE|=5.0.9.RELEASE|=5.1.0.RELEASE|=5.1.1.RELEASE|=5.1.10.RELEASE|=5.1.11.RELEASE|=5.1.12.RELEASE|=5.1.13.RELEASE|=5.1.14.RELEASE|=5.1.15.RELEASE|=5.1.16.RELEASE|=5.1.17.RELEASE|=5.1.18.RELEASE|=5.1.19.RELEASE|=5.1.2.RELEASE|=5.1.20.RELEASE|=5.1.3.RELEASE|=5.1.4.RELEASE|=5.1.5.RELEASE|=5.1.6.RELEASE|=5.1.7.RELEASE|=5.1.8.RELEASE|=5.1.9.RELEASE|=5.2.0.RELEASE|=5.2.1.RELEASE|=5.2.10.RELEASE|=5.2.11.RELEASE|=5.2.12.RELEASE|=5.2.13.RELEASE|=5.2.14.RELEASE|=5.2.15.RELEASE|=5.2.16.RELEASE|=5.2.17.RELEASE|=5.2.18.RELEASE|=5.2.19.RELEASE|=5.2.2.RELEASE|=5.2.20.RELEASE|=5.2.21.RELEASE|=5.2.22.RELEASE|=5.2.23.RELEASE|=5.2.24.RELEASE|=5.2.25.RELEASE|=5.2.3.RELEASE|=5.2.4.RELEASE|=5.2.5.RELEASE|=5.2.6.RELEASE|=5.2.7.RELEASE|=5.2.8.RELEASE|=5.2.9.RELEASE|=5.3.0|=5.3.1|=5.3.10|=5.3.11|=5.3.12|=5.3.13|=5.3.14|=5.3.15|=5.3.16|=5.3.17|=5.3.18|=5.3.19|=5.3.2|=5.3.20|=5.3.21|=5.3.22|=5.3.23|=5.3.24|=5.3.25|=5.3.26|=5.3.27|=5.3.28|=5.3.29|=5.3.3|=5.3.30|=5.3.31|=5.3.32|=5.3.33|=5.3.34|=5.3.35|=5.3.36|=5.3.37|=5.3.38|=5.3.39|=5.3.4|=5.3.5|=5.3.6|=5.3.7|=5.3.8|=5.3.9|=1.0|=1.0-rc1|=1.0.1|=1.1|=1.1-rc1|=1.1-rc2|=1.1.1|=1.1.2|=1.1.3|=1.1.4|=1.1.5|=1.2|=1.2-rc1|=1.2-rc2|=1.2.1|=1.2.2|=1.2.3|=1.2.4|=1.2.5|=1.2.6|=1.2.7|=1.2.8|=1.2.9|=2.0|=2.0-m1|=2.0-m2|=2.0-m3|=2.0-m4|=2.0-m5|=2.0-rc1|=2.0-rc2|=2.0.1|=2.0.2|=2.0.3|=2.0.4|=2.0.5|=2.0.6|=2.0.7|=2.0.8|=2.5|=2.5.1|=2.5.2|=2.5.3|=2.5.4|=2.5.5|=2.5.6|=2.5.6.SEC01|=2.5.6.SEC02|=2.5.6.SEC03|=3.0.0.RELEASE|=3.0.1.RELEASE|=3.0.2.RELEASE|=3.0.3.RELEASE|=3.0.4.RELEASE|=3.0.5.RELEASE|=3.0.6.RELEASE|=3.0.7.RELEASE|=3.1.0.RELEASE|=3.1.1.RELEASE|=3.1.2.RELEASE|=3.1.3.RELEASE|=3.1.4.RELEASE|=3.2.0.RELEASE|=3.2.1.RELEASE|=3.2.10.RELEASE|=3.2.11.RELEASE|=3.2.12.RELEASE|=3.2.13.RELEASE|=3.2.14.RELEASE|=3.2.15.RELEASE|=3.2.16.RELEASE|=3.2.17.RELEASE|=3.2.18.RELEASE|=3.2.2.RELEASE|=3.2.3.RELEASE|=3.2.4.RELEASE|=3.2.5.RELEASE|=3.2.6.RELEASE|=3.2.7.RELEASE|=3.2.8.RELEASE|=3.2.9.RELEASE|=4.0.0.RELEASE|=4.0.1.RELEASE|=4.0.2.RELEASE|=4.0.3.RELEASE|=4.0.4.RELEASE|=4.0.5.RELEASE|=4.0.6.RELEASE|=4.0.7.RELEASE|=4.0.8.RELEASE|=4.0.9.RELEASE|=4.1.0.RELEASE|=4.1.1.RELEASE|=4.1.2.RELEASE|=4.1.3.RELEASE|=4.1.4.RELEASE|=4.1.5.RELEASE|=4.1.6.RELEASE|=4.1.7.RELEASE|=4.1.8.RELEASE|=4.1.9.RELEASE|=4.2.0.RELEASE|=4.2.1.RELEASE|=4.2.2.RELEASE|=4.2.3.RELEASE|=4.2.4.RELEASE|=4.2.5.RELEASE|=4.2.6.RELEASE|=4.2.7.RELEASE|=4.2.8.RELEASE|=4.2.9.RELEASE|=4.3.0.RELEASE|=4.3.1.RELEASE|=4.3.10.RELEASE|=4.3.11.RELEASE|=4.3.12.RELEASE|=4.3.13.RELEASE|=4.3.14.RELEASE|=4.3.15.RELEASE|=4.3.16.RELEASE|=4.3.17.RELEASE|=4.3.18.RELEASE|=4.3.19.RELEASE|=4.3.2.RELEASE|=4.3.20.RELEASE|=4.3.21.RELEASE|=4.3.22.RELEASE|=4.3.23.RELEASE|=4.3.24.RELEASE|=4.3.25.RELEASE|=4.3.26.RELEASE|=4.3.27.RELEASE|=4.3.28.RELEASE|=4.3.29.RELEASE|=4.3.3.RELEASE|=4.3.30.RELEASE|=4.3.4.RELEASE|=4.3.5.RELEASE|=4.3.6.RELEASE|=4.3.7.RELEASE|=4.3.8.RELEASE|=4.3.9.RELEASE|=5.0.0.RELEASE|=5.0.1.RELEASE|=5.0.10.RELEASE|=5.0.11.RELEASE|=5.0.12.RELEASE|=5.0.13.RELEASE|=5.0.14.RELEASE|=5.0.15.RELEASE|=5.0.16.RELEASE|=5.0.17.RELEASE|=5.0.18.RELEASE|=5.0.19.RELEASE|=5.0.2.RELEASE|=5.0.20.RELEASE|=5.0.3.RELEASE|=5.0.4.RELEASE|=5.0.5.RELEASE|=5.0.6.RELEASE|=5.0.7.RELEASE|=5.0.8.RELEASE|=5.0.9.RELEASE|=5.1.0.RELEASE|=5.1.1.RELEASE|=5.1.10.RELEASE|=5.1.11.RELEASE|=5.1.12.RELEASE|=5.1.13.RELEASE|=5.1.14.RELEASE|=5.1.15.RELEASE|=5.1.16.RELEASE|=5.1.17.RELEASE|=5.1.18.RELEASE|=5.1.19.RELEASE|=5.1.2.RELEASE|=5.1.20.RELEASE|=5.1.3.RELEASE|=5.1.4.RELEASE|=5.1.5.RELEASE|=5.1.6.RELEASE|=5.1.7.RELEASE|=5.1.8.RELEASE|=5.1.9.RELEASE|=5.2.0.RELEASE|=5.2.1.RELEASE|=5.2.10.RELEASE|=5.2.11.RELEASE|=5.2.12.RELEASE|=5.2.13.RELEASE|=5.2.14.RELEASE|=5.2.15.RELEASE|=5.2.16.RELEASE|=5.2.17.RELEASE|=5.2.18.RELEASE|=5.2.19.RELEASE|=5.2.2.RELEASE|=5.2.20.RELEASE|=5.2.21.RELEASE|=5.2.22.RELEASE|=5.2.23.RELEASE|=5.2.24.RELEASE|=5.2.25.RELEASE|=5.2.3.RELEASE|=5.2.4.RELEASE|=5.2.5.RELEASE|=5.2.6.RELEASE|=5.2.7.RELEASE|=5.2.8.RELEASE|=5.2.9.RELEASE|=5.3.0|=5.3.1|=5.3.10|=5.3.11|=5.3.12|=5.3.13|=5.3.14|=5.3.15|=5.3.16|=5.3.17|=5.3.18|=5.3.19|=5.3.2|=5.3.20|=5.3.21|=5.3.22|=5.3.23|=5.3.24|=5.3.25|=5.3.26|=5.3.27|=5.3.28|=5.3.29|=5.3.3|=5.3.30|=5.3.31|=5.3.32|=5.3.33|=5.3.34|=5.3.35|=5.3.36|=5.3.37|=5.3.38|=5.3.39|=5.3.4|=5.3.5|=5.3.6|=5.3.7|=5.3.8|=5.3.9|=6.0.0|=6.0.1|=6.0.10|=6.0.11|=6.0.12|=6.0.13|=6.0.14|=6.0.15|=6.0.16|=6.0.17|=6.0.18|=6.0.19|=6.0.2|=6.0.20|=6.0.21|=6.0.22|=6.0.23|=6.0.3|=6.0.4|=6.0.5|=6.0.6|=6.0.7|=6.0.8|=6.0.9|=6.0.0|=6.0.1|=6.0.10|=6.0.11|=6.0.12|=6.0.13|=6.0.14|=6.0.15|=6.0.16|=6.0.17|=6.0.18|=6.0.19|=6.0.2|=6.0.20|=6.0.21|=6.0.22|=6.0.23|=6.0.3|=6.0.4|=6.0.5|=6.0.6|=6.0.7|=6.0.8|=6.0.9","fixed_version":"6.1.14","source":"osv","published_at":"2024-12-19T18:31:38Z","in_kev":false,"epss_prob":0.92565,"epss_percentile":0.99746,"threat_tier":"likely_exploited"},{"vuln_id":"CVE-2014-3625","severity":"medium","summary":"Improper Limitation of a Pathname to a Restricted Directory in Spring Framework","affected_versions":">=3.0.4,<3.2.12|>=4.0.0,<4.0.8|>=4.1.0,<4.1.2|=3.0.4.RELEASE|=3.0.5.RELEASE|=3.0.6.RELEASE|=3.0.7.RELEASE|=3.1.0.RELEASE|=3.1.1.RELEASE|=3.1.2.RELEASE|=3.1.3.RELEASE|=3.1.4.RELEASE|=3.2.0.RELEASE|=3.2.1.RELEASE|=3.2.10.RELEASE|=3.2.11.RELEASE|=3.2.2.RELEASE|=3.2.3.RELEASE|=3.2.4.RELEASE|=3.2.5.RELEASE|=3.2.6.RELEASE|=3.2.7.RELEASE|=3.2.8.RELEASE|=3.2.9.RELEASE|=4.0.0.RELEASE|=4.0.1.RELEASE|=4.0.2.RELEASE|=4.0.3.RELEASE|=4.0.4.RELEASE|=4.0.5.RELEASE|=4.0.6.RELEASE|=4.0.7.RELEASE|=4.1.0.RELEASE|=4.1.1.RELEASE","fixed_version":"4.1.2","source":"osv","published_at":"2022-05-13T01:02:39Z","in_kev":false,"epss_prob":0.16987,"epss_percentile":0.94994,"threat_tier":"theoretical"},{"vuln_id":"CVE-2025-41242","severity":"medium","summary":"Spring Framework MVC Applications Path Traversal Vulnerability","affected_versions":">=6.2.0,<6.2.10|>=6.1.0,<=6.1.21|>=6.0.0,<=6.0.29|>=5.3.0,<=5.3.43|=6.2.0|=6.2.1|=6.2.2|=6.2.3|=6.2.4|=6.2.5|=6.2.6|=6.2.7|=6.2.8|=6.2.9|=6.1.0|=6.1.1|=6.1.10|=6.1.11|=6.1.12|=6.1.13|=6.1.14|=6.1.15|=6.1.16|=6.1.17|=6.1.18|=6.1.19|=6.1.2|=6.1.20|=6.1.21|=6.1.3|=6.1.4|=6.1.5|=6.1.6|=6.1.7|=6.1.8|=6.1.9|=6.0.0|=6.0.1|=6.0.10|=6.0.11|=6.0.12|=6.0.13|=6.0.14|=6.0.15|=6.0.16|=6.0.17|=6.0.18|=6.0.19|=6.0.2|=6.0.20|=6.0.21|=6.0.22|=6.0.23|=6.0.3|=6.0.4|=6.0.5|=6.0.6|=6.0.7|=6.0.8|=6.0.9|=5.3.0|=5.3.1|=5.3.10|=5.3.11|=5.3.12|=5.3.13|=5.3.14|=5.3.15|=5.3.16|=5.3.17|=5.3.18|=5.3.19|=5.3.2|=5.3.20|=5.3.21|=5.3.22|=5.3.23|=5.3.24|=5.3.25|=5.3.26|=5.3.27|=5.3.28|=5.3.29|=5.3.3|=5.3.30|=5.3.31|=5.3.32|=5.3.33|=5.3.34|=5.3.35|=5.3.36|=5.3.37|=5.3.38|=5.3.39|=5.3.4|=5.3.5|=5.3.6|=5.3.7|=5.3.8|=5.3.9","fixed_version":"6.2.10","source":"osv","published_at":"2025-08-18T09:31:44Z","in_kev":false,"epss_prob":0.00087,"epss_percentile":0.24832,"threat_tier":"theoretical"},{"vuln_id":"CVE-2023-34053","severity":"high","summary":"Spring Framework vulnerable to denial of service","affected_versions":">=6.0.0,<6.0.14|=6.0.0|=6.0.1|=6.0.10|=6.0.11|=6.0.12|=6.0.13|=6.0.2|=6.0.3|=6.0.4|=6.0.5|=6.0.6|=6.0.7|=6.0.8|=6.0.9","fixed_version":"6.0.14","source":"osv","published_at":"2023-11-28T09:30:27Z","in_kev":false,"epss_prob":0.00613,"epss_percentile":0.6994,"threat_tier":"theoretical"},{"vuln_id":"CVE-2024-38828","severity":"medium","summary":"Spring MVC controller vulnerable to a DoS attack","affected_versions":">=5.3.0,<5.3.42|=5.3.0|=5.3.1|=5.3.10|=5.3.11|=5.3.12|=5.3.13|=5.3.14|=5.3.15|=5.3.16|=5.3.17|=5.3.18|=5.3.19|=5.3.2|=5.3.20|=5.3.21|=5.3.22|=5.3.23|=5.3.24|=5.3.25|=5.3.26|=5.3.27|=5.3.28|=5.3.29|=5.3.3|=5.3.30|=5.3.31|=5.3.32|=5.3.33|=5.3.34|=5.3.35|=5.3.36|=5.3.37|=5.3.38|=5.3.39|=5.3.4|=5.3.5|=5.3.6|=5.3.7|=5.3.8|=5.3.9","fixed_version":"5.3.42","source":"osv","published_at":"2024-11-18T06:30:35Z","in_kev":false,"epss_prob":0.00076,"epss_percentile":0.22535,"threat_tier":"theoretical"}],"actively_exploited_count":1,"likely_exploited_count":4},"versions":{"latest":"7.0.0-M6","total_count":311,"recent":["7.0.0-M6","6.2.8","6.1.21","7.0.0-M5","6.2.7","6.1.20","7.0.0-M4","6.2.6","6.1.19","6.2.5","7.0.0-M3","6.2.4","6.1.18","7.0.0-M2","6.2.3","6.1.17","7.0.0-M1","6.2.2","6.2.1","6.1.16"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":0,"first_published":null,"last_published":"2025-06-12T10:14:08+00:00","dependencies_count":0,"dependencies":[]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"do_not_use","issues":["Low health score (39/100)","6 high severity vulnerabilities","2 critical vulnerabilities"],"use_version":"7.0.0-M6","version_hint":"Update to >= 5.3.42 to fix known vulnerabilities","summary":"org.springframework:spring-webmvc has critical vulnerabilities — do not use"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":903,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":true,"bus_factor_3m":16,"active_contributors_12m":16,"primary_author_ratio":0.6,"owner_account_age_days":5775,"is_archived":false,"stars":59858,"alerts":[]},"malicious":{"is_malicious":false},"scorecard":{"available":true,"score":5.7,"tier":"moderate"},"quality":{"available":false},"co_used_with":[{"package":"@cloudbase/agent-agents","occurrences":2},{"package":"org.apache.activemq:apache-activemq","occurrences":2},{"package":"types-protobuf","occurrences":2}],"version_history_summary":{"total_versions":20,"first_release_age_days":3418,"last_release_days_ago":323,"avg_days_between_releases":180,"release_velocity":"moderate"}}