Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

spring

19 Products 34 CVEs

CVE Severity Distribution (All Time)

Critical
2
High
7
Medium
13
Low
6

Timeline Overview

Last 30 Days 0 CVEs
Last 6 Months 0 CVEs
Last Year 7 CVEs

Products

View all

Spring Framework

10 Versions 8 CVEs

spring security

6 Versions 4 CVEs

Spring

10 Versions 4 CVEs

Spring Boot

12 Versions 3 CVEs

Spring Security OAuth

4 Versions 2 CVEs

Recent CVEs

View all
CVE-2024-38829 LOW 7 months, 3 weeks ago

A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0…

CVE-2024-38828 MEDIUM 8 months, 1 week ago

Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack.

CVE-2024-38821 CRITICAL 9 months ago

Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances. For this …

CVE-2024-38816 HIGH 10 months, 2 weeks ago

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An atta…

CVE-2024-38807 MEDIUM 11 months ago

Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar fil…

CVE-2024-38808 MEDIUM 11 months, 1 week ago

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expressio…

CVE-2024-38810 MEDIUM 11 months, 1 week ago

Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective.