cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-22271,https://securityvulnerability.io/vulnerability/CVE-2024-22271,Spring Cloud Function Web DOS Vulnerability,"The Spring Cloud Function Framework is susceptible to a Denial of Service (DoS) attack when users attempt to compose functions that do not exist. This vulnerability is present in versions 4.1.x prior to 4.1.2 and 4.0.x prior to 4.0.8, specifically when the Spring Cloud Function Web module is employed. Exploiting this vulnerability could hinder the application's functionality and accessibility, as it can cause significant interruptions when improper function compositions occur.",Spring By Vmware Tanzu,Spring Cloud Function Framework,8.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-09T13:15:00.000Z,0
CVE-2023-20863,https://securityvulnerability.io/vulnerability/CVE-2023-20863,Denial of Service Vulnerability in Spring Framework by VMware,"The Spring Framework, developed by VMware, is susceptible to a vulnerability that allows an attacker to exploit specially crafted SpEL expressions. This may lead to a denial-of-service (DoS) condition in applications utilizing affected versions. The vulnerability affects Spring Framework versions prior to 5.2.24, 5.3.27, and 6.0.8, threatening reliability and availability. Organizations are encouraged to update to the latest versions to mitigate these risks.",Vmware,Spring Framework,6.5,MEDIUM,0.0017099999822676182,false,,false,false,false,,,false,false,,2023-04-13T00:00:00.000Z,0
CVE-2023-20860,https://securityvulnerability.io/vulnerability/CVE-2023-20860,Security Bypass in Spring Framework Due to Pattern Matching Issues,"A security vulnerability exists in the Spring Framework affecting versions 6.0.0 to 6.0.6 and 5.3.0 to 5.3.25. This vulnerability arises from an incorrect pattern matching mechanism when using '**' in Spring Security configuration alongside the mvcRequestMatcher. This inconsistency between Spring Security and Spring MVC could potentially allow for unauthorized access or security bypass, posing a risk to applications that rely on these frameworks.",Vmware,Spring Framework,7.5,HIGH,0.000699999975040555,false,,false,false,true,2023-03-24T07:23:52.000Z,true,false,false,,2023-03-27T00:00:00.000Z,0
CVE-2023-20861,https://securityvulnerability.io/vulnerability/CVE-2023-20861,Denial-of-Service Vulnerability in Spring Framework Products by VMware,"In various versions of the Spring Framework, including versions 6.0.0 to 6.0.6, 5.3.0 to 5.3.25, and 5.2.0.RELEASE to 5.2.22.RELEASE, a vulnerability exists that allows attackers to submit specially crafted SpEL (Spring Expression Language) expressions. These expressions can potentially lead to a denial-of-service (DoS) condition, disrupting the normal function of applications utilizing the affected framework versions. Organizations using these frameworks are encouraged to review their implementations and apply any necessary updates to mitigate this vulnerability.",Vmware,Spring Framework,6.5,MEDIUM,0.0012000000569969416,false,,false,false,false,,,false,false,,2023-03-23T00:00:00.000Z,0
CVE-2022-22971,https://securityvulnerability.io/vulnerability/CVE-2022-22971,Denial of Service Vulnerability in Spring Framework Affecting VMware and Oracle Products,"The Spring Framework is susceptible to a denial of service attack when applications utilizing a STOMP over WebSocket endpoint are exploited by an authenticated user. This vulnerability is present in versions prior to 5.3.20 and 5.2.22, as well as older versions that have reached end-of-life support. It is essential for users of the framework to identify affected versions and implement necessary updates to mitigate potential attacks.",Vmware,Spring Framework,6.5,MEDIUM,0.00107999995816499,false,,false,false,true,2022-11-26T22:04:38.000Z,true,false,false,,2022-05-12T19:30:49.000Z,0
CVE-2022-22970,https://securityvulnerability.io/vulnerability/CVE-2022-22970,Denial of Service Vulnerability in Spring Framework by VMware,"A vulnerability exists in the Spring Framework that allows applications handling file uploads to be susceptible to Denial of Service (DoS) attacks. This issue arises when applications utilize data binding to assign a MultipartFile or javax.servlet.Part to a model object. Versions of the Spring Framework prior to 5.3.20 and 5.2.22, as well as other old, unsupported versions, are inherently at risk, making it crucial for users to update to secure versions to mitigate potential abuse.",Vmware,Spring Framework,5.3,MEDIUM,0.003160000080242753,false,,false,false,false,,,false,false,,2022-05-12T19:28:47.000Z,0
CVE-2022-22968,https://securityvulnerability.io/vulnerability/CVE-2022-22968,Data Binding Configuration Vulnerability in Spring Framework by VMware,"The Spring Framework exhibits a data binding configuration vulnerability where the 'disallowedFields' patterns are case-sensitive. This means that fields will only be effectively protected if they are explicitly listed with both upper and lower case for their initial characters. This extends to all nested fields within the property path, posing a potential security risk if developers are unaware of this requirement. Proper configuration is crucial to mitigate the risk of unauthorized data exposure.",Vmware,Spring Framework,5.3,MEDIUM,0.0007900000200606883,false,,false,false,true,2022-05-12T18:25:18.000Z,true,false,false,,2022-04-14T20:05:50.000Z,0
CVE-2022-22950,https://securityvulnerability.io/vulnerability/CVE-2022-22950,Denial of Service Vulnerability in Spring Framework by VMware,"In specific versions of Spring Framework, a specially crafted Spring Expression Language (SpEL) expression can be utilized to trigger a denial of service condition. This vulnerability allows attackers to exploit the framework's handling of SpEL, potentially causing resource exhaustion or application unavailability. It is crucial for developers and system administrators using affected versions of the Spring Framework to apply the latest updates or patches to mitigate this issue.",Vmware,Spring Framework,6.5,MEDIUM,0.0008099999977275729,false,,false,false,false,,,false,false,,2022-04-01T23:15:00.000Z,0
CVE-2022-22965,https://securityvulnerability.io/vulnerability/CVE-2022-22965,Remote Code Execution Vulnerability in Spring Framework Products by VMware,"A vulnerability in the Spring Framework could allow unauthorized remote code execution (RCE) when an application is running on JDK 9+ with Spring MVC or Spring WebFlux deployed as a WAR on a Tomcat server. If the application is executed as a Spring Boot executable JAR, it is not susceptible to this exploit. Given the broad nature of this vulnerability, other permutations may exist that could lead to exploitation.",Vmware,Spring Framework,9.8,CRITICAL,0.9743599891662598,true,2022-04-04T00:00:00.000Z,false,false,true,2022-04-04T00:00:00.000Z,true,false,false,,2022-04-01T23:15:00.000Z,0
CVE-2021-22060,https://securityvulnerability.io/vulnerability/CVE-2021-22060,Input Validation Vulnerability in Spring Framework by VMware,"The Spring Framework showcases a vulnerability where malicious input can lead to the insertion of unintended log entries. This issue arises in versions 5.3.0 through 5.3.13, as well as 5.2.0 through 5.2.18, and affects legacy versions too. It serves as an extension of previous vulnerabilities by enhancing safeguards against various input types within the codebase. Addressing this vulnerability is critical for maintaining the integrity of logging mechanisms and ensuring the application's overall security.",Vmware,Spring Framework,4.3,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2022-01-10T14:10:00.000Z,0
CVE-2021-22096,https://securityvulnerability.io/vulnerability/CVE-2021-22096,Log Injection Vulnerability in Spring Framework by VMware,"In affected versions of the Spring Framework, a vulnerability exists that allows an attacker to insert malicious input, resulting in unauthorized manipulation of log entries. This could lead to the disclosure of sensitive information or obfuscation of security-related logs, making it difficult to trace malicious activities. It is crucial for users to adopt the latest versions of the framework to mitigate this risk.",Vmware,Spring Framework,4.3,MEDIUM,0.0007900000200606883,false,,false,false,false,,,false,false,,2021-10-28T15:22:35.000Z,0
CVE-2021-22118,https://securityvulnerability.io/vulnerability/CVE-2021-22118,Privilege Escalation Vulnerability in Spring Framework by VMware,"In the Spring Framework, specifically in versions preceding 5.2.15 and 5.3.7, there exists a vulnerability that allows a locally authenticated attacker to perform privilege escalation. This occurs due to improper handling of temporary storage directories. A malicious user could exploit this flaw by (re)creating these directories, gaining unauthorized access to read, modify, or overwrite files uploaded to the WebFlux application using multipart requests.",Vmware,Spring Framework,7.8,HIGH,0.0006000000284984708,false,,false,false,false,,,false,false,,2021-05-27T14:48:16.000Z,0
CVE-2020-5421,https://securityvulnerability.io/vulnerability/CVE-2020-5421,RFD Protection Bypass via jsessionid,"In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.",Spring By Vmware,Spring Framework,8.7,HIGH,0.07749000191688538,false,,false,false,true,2021-01-10T12:26:00.000Z,true,false,false,,2020-09-19T04:15:00.000Z,0
CVE-2016-1000027,https://securityvulnerability.io/vulnerability/CVE-2016-1000027,Remote Code Execution Vulnerability in Pivotal Spring Framework,"A potential remote code execution (RCE) vulnerability exists in the Pivotal Spring Framework, stemming from unsafe Java deserialization of untrusted data. Although the vendor maintains that handling untrusted data is not within the intended scope of the framework's use, the risk level depends on the specific implementation in various products. Depending on the implementation, this vulnerability could be exploited if authentication measures are not adequate.",Vmware,Spring Framework,9.8,CRITICAL,0.010080000385642052,false,,false,false,true,2024-02-09T00:57:41.000Z,true,false,false,,2020-01-02T00:00:00.000Z,0
CVE-2015-5211,https://securityvulnerability.io/vulnerability/CVE-2015-5211,,"Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response.",Vmware,Spring Framework,9.6,CRITICAL,0.0013899999903514981,false,,false,false,false,,,false,false,,2017-05-25T17:00:00.000Z,0
CVE-2011-2894,https://securityvulnerability.io/vulnerability/CVE-2011-2894,,"Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class.",Vmware,"Spring Security,Spring Framework",,,0.015080000273883343,false,,false,false,true,2013-07-31T08:48:19.000Z,true,false,false,,2011-10-04T10:00:00.000Z,0