spring-projects spring-framework Vulnerabilities: CVEs, CISA KEV & Security Advisories

This page aggregates every publicly disclosed vulnerability (CVE) affecting spring-projects spring-framework, with a severity breakdown, the affected and patched versions, the most common weakness types, and the full CVE list.

Affected versions and CVEs

Browse every spring-projects spring-framework version named in a CVE, then pick one to see only the CVEs that affect it.

Specific versions

v3.1.0.RELEASE2 CVEs
v3.2.0.M12 CVEs
v3.2.0.M22 CVEs
v3.2.0.RC12 CVEs
v3.2.0.RC2-A2 CVEs
v3.2.0.RELEASE2 CVEs
release_0_10_01 CVE
release_0_10_11 CVE
release_0_10_21 CVE
release_0_6_01 CVE
release_0_6_11 CVE
release_0_7_01 CVE
release_0_7_11 CVE
release_0_8_11 CVE
release_0_8_21 CVE
release_0_9_01 CVE
release_0_9_11 CVE
v0.10.01 CVE
v0.10.11 CVE
v0.10.21 CVE
v0.10.31 CVE
v0.10.41 CVE
v0.10.51 CVE
v0.10.61 CVE
v0.11.0-rc01 CVE
v0.12.01 CVE
v0.12.0-rc01 CVE
v0.12.0-rc11 CVE
v0.12.0-rc21 CVE
v0.12.11 CVE
v0.13.01 CVE
v0.13.0-rc01 CVE
v0.13.0-rc11 CVE
v0.13.0-rc21 CVE
v0.13.0-rc31 CVE
v0.14.0-rc01 CVE
v0.14.0-rc11 CVE
v0.15.01 CVE
v0.15.0-rc01 CVE
v0.15.0-rc11 CVE
v0.15.0-rc21 CVE
v0.15.11 CVE
v0.6.01 CVE
v0.6.11 CVE
v0.7.01 CVE
v0.7.11 CVE
v0.8.11 CVE
v0.8.21 CVE
v0.9.01 CVE
v0.9.11 CVE
v1.01 CVE
v1.0-rc01 CVE
v1.0-rc11 CVE
v1.0-rc21 CVE
v1.0-rc31 CVE
v1.0-rc41 CVE
v1.0.11 CVE
v1.1-rc01 CVE
v1.1-rc11 CVE
v1.1-rc21 CVE
v1.1.01 CVE
v1.1.0-rc21 CVE
v1.1.0-rc31 CVE
v1.1.0-rc41 CVE
v1.1.11 CVE
v1.1.21 CVE
v1.2.01 CVE
v1.2.0-rc01 CVE
v1.2.0-rc11 CVE
v1.2.0-rc21 CVE
v1.2.0-rc31 CVE
v1.3.01 CVE
v1.3.0-rc01 CVE
v1.3.0-rc11 CVE
v1.3.0-rc21 CVE
v1.3.11 CVE
v1.4.01 CVE
v1.4.0-rc01 CVE
v1.4.0-rc11 CVE
v1.4.0-rc21 CVE
v1.5.01 CVE
v1.5.0-rc01 CVE
v1.5.0-rc11 CVE
v1.5.0-rc21 CVE
v1.5.0-rc31 CVE
v1.5.11 CVE
v1.5.21 CVE
v1.5.31 CVE
v1.6.01 CVE
v1.6.0-rc01 CVE
v1.6.0-rc11 CVE
v1.6.0-rc21 CVE
v1.6.0-rc31 CVE
v1.6.11 CVE
v1.6.21 CVE
v1.7.01 CVE
v1.7.0-rc01 CVE
v1.7.0-rc11 CVE
v1.7.0-rc21 CVE
v1.7.11 CVE
v1.7.21 CVE
v2.0.01 CVE
v2.0.0-rc01 CVE
v2.0.0-rc11 CVE
v2.0.0-rc21 CVE
v2.0.0-rc31 CVE
v2.0.11 CVE
v2.0.21 CVE
v2.1.01 CVE
v2.1.0-rc01 CVE
v2.1.0-rc11 CVE
v2.1.0-rc21 CVE
v2.1.0-rc31 CVE
v2.1.0-rc41 CVE
v2.1.0-rc51 CVE
v2.1.11 CVE
v2.10.01 CVE
v2.10.0-rc01 CVE
v2.10.0-rc11 CVE
v2.10.0-rc21 CVE
v2.10.0-rc31 CVE
v2.10.0-rc41 CVE
v2.11.01 CVE
v2.11.0-rc01 CVE
v2.11.0-rc11 CVE
v2.11.0-rc21 CVE
v2.11.0-rc31 CVE
v2.11.0-rc41 CVE
v2.11.0-rc51 CVE
v2.11.11 CVE
v2.11.21 CVE
v2.12.01 CVE
v2.12.0-rc01 CVE
v2.12.0-rc11 CVE
v2.12.0-rc21 CVE
v2.12.0-rc31 CVE
v2.12.0-rc41 CVE
v2.12.11 CVE
v2.2.01 CVE
v2.2.0-rc01 CVE
v2.2.0-rc11 CVE
v2.2.0-rc21 CVE
v2.2.0-rc31 CVE
v2.2.0-rc41 CVE
v2.2.0-rc51 CVE
v2.2.11 CVE
v2.3.01 CVE
v2.3.0-rc01 CVE
v2.3.0-rc11 CVE
v2.3.0-rc21 CVE
v2.3.0-rc31 CVE
v2.3.0-rc41 CVE
v2.3.11 CVE
v2.4.01 CVE
v2.4.0-rc01 CVE
v2.4.0-rc11 CVE
v2.4.0-rc21 CVE
v2.4.0-rc31 CVE
v2.4.0-rc41 CVE
v2.4.0.11 CVE
v2.5.01 CVE
v2.5.0-rc01 CVE
v2.5.0-rc11 CVE
v2.5.0-rc21 CVE
v2.5.0-rc31 CVE
v2.5.0-rc41 CVE
v2.5.11 CVE
v2.5.1.11 CVE
v2.6.01 CVE
v2.6.0-rc01 CVE
v2.6.0-rc11 CVE
v2.6.0-rc21 CVE
v2.6.0-rc31 CVE
v2.6.0-rc41 CVE
v2.6.0-rc51 CVE
v2.7.01 CVE
v2.7.0-rc01 CVE
v2.7.0-rc11 CVE
v2.7.0-rc21 CVE
v2.7.0-rc31 CVE
v2.7.0-rc41 CVE
v2.7.0-rc51 CVE
v2.8.01 CVE
v2.8.0-rc01 CVE
v2.8.0-rc11 CVE
v2.8.0-rc21 CVE
v2.8.0-rc31 CVE
v2.8.0-rc41 CVE
v2.8.11 CVE
v2.8.1.11 CVE
v2.9.01 CVE
v2.9.0-rc01 CVE
v2.9.0-rc11 CVE
v2.9.0-rc21 CVE
v2.9.0-rc31 CVE
v2.9.0-rc41 CVE
v2.9.0-rc51 CVE
v3.0.01 CVE
v3.0.0-rc01 CVE
v3.0.0-rc11 CVE
v3.0.0-rc21 CVE
v3.0.0-rc31 CVE
v3.0.0-rc41 CVE
v3.1.01 CVE
v3.1.0-rc01 CVE
v3.1.0-rc11 CVE
v3.1.0-rc21 CVE
v3.1.0-rc31 CVE
v3.1.0-rc41 CVE
v3.1.0-rc51 CVE
v4.0.01 CVE
v4.0.0-rc01 CVE
v4.1.01 CVE
v4.2.01 CVE
v4.3.01 CVE

Fixed in

3767abea3a9ec4b76257c1f98d65bd9da57afd285 CVEs
4b9bc50fd057bb20278dc137820159f600cce3244 CVEs
89932891ec67df1f716e65f09826f2647baf2f172 CVEs
8bfd47a8d4fb3287e4e68a74d3b3711f2c404bff2 CVEs
8da0e46ff253bab5783713078eae8898708996ba2 CVEs
8dab9416c7381a477c5b5f94da421da9eb9767352 CVEs
cfa701b8726f06528e9d408b1b94f333f70da45f2 CVEs
03e695ad5ff998d8da9b89d163ec4f04747bd5701 CVE
08bc1a050ec87cdaad6b05170c27e34d3f90cafa1 CVE
0ddc62e87f9e0c9fb664ba085bcdf7ca61e697dd1 CVE
14fa75c98a248751b952622c3f0a8b96a8e0a354

Find a version

31 CVEs

Sort

Low vulnerability · 2024-10-18
CVE-2024-38820
Patch
CWE-178
Low · CVSS 3.1
EPSS 1.5% (82th pct)2024-10-18
CVE-2024-38808: Spring Expression DoS Vulnerability
CVE-2024-38808
Patch
CWE-770
Medium · CVSS 4.3
EPSS 0.8% (75th pct)2024-08-20
CVE-2024-22259: Spring Framework URL Parsing with Host Validation (2nd report)
CVE-2024-22259
Patch
CWE-601
High · CVSS 8.1
EPSS 56.4% (98th pct)2024-03-16
CVE-2024-22233: Spring Framework server Web DoS Vulnerability
CVE-2024-22233
Patch
CWE-400
High · CVSS 7.5
EPSS 1.5% (82th pct)2024-01-22
Medium vulnerability · 2023-11-28
CVE-2023-34053
Patch
Medium · CVSS 5.3
EPSS 0.8% (75th pct)2023-11-28
Medium vulnerability · 2023-04-13
CVE-2023-20863
Patch
CWE-400
Medium · CVSS 6.5
EPSS 1.2% (79th pct)2023-04-13
High vulnerability · 2023-03-27
CVE-2023-20860
Patch
High · CVSS 7.5
EPSS 56.3% (98th pct)2023-03-27
Vulnerability · 2023-03-23
CVE-2023-20861
Patch
CWE-400
Unscored
EPSS 0.5% (68th pct)2023-03-23
Vulnerability · 2022-05-12
CVE-2022-22971
Patch
CWE-770
Unscored
EPSS 0.2% (48th pct)2022-05-12
Vulnerability · 2022-05-12
CVE-2022-22970
Patch
CWE-770
Unscored
EPSS 0.2% (37th pct)2022-05-12
Vulnerability · 2022-04-14
CVE-2022-22968
Patch
Unscored
EPSS 20.5% (96th pct)2022-04-14
Vulnerability · 2022-04-01
CVE-2022-22950
Patch
CWE-770
Unscored
EPSS 2.5% (86th pct)2022-04-01
Critical vulnerability · 2022-04-01
CVE-2022-22965
CISA KEV
Public exploit
Patch
CWE-94
Added to CISA KEV 2022-04-04
Critical · CVSS 10.0
EPSS 94.4% (100th pct)2022-04-01
Vulnerability · 2022-01-07
CVE-2021-22060
Patch
Unscored
EPSS 0.2% (39th pct)2022-01-07
Vulnerability · 2021-10-28
CVE-2021-22096
Patch
CWE-117
Unscored
EPSS 0.2% (45th pct)2021-10-28
Vulnerability · 2021-05-27
CVE-2021-22118
Patch
CWE-269
Unscored
EPSS 0.3% (49th pct)2021-05-27
High vulnerability · 2020-09-19
CVE-2020-5421
Patch
High · CVSS 8.7
EPSS 63.8% (98th pct)2020-09-19
Vulnerability · 2020-07-09
CVE-2020-10756
Patch
Unscored
EPSS 0.0% (8th pct)2020-07-09
Medium vulnerability · 2020-01-17
CVE-2020-5397
Patch
CWE-352
Medium · CVSS 5.3
EPSS 0.9% (75th pct)2020-01-17
Vulnerability · 2020-01-02
CVE-2016-1000027
Patch
Unscored
EPSS 60.4% (98th pct)2020-01-02
Low vulnerability · 2018-12-19
CVE-2018-15801
Patch
Low · CVSS 3.3
EPSS 0.1% (31th pct)2018-12-19
DoS Attack via Range Requests
CVE-2018-15756
Patch
High · CVSS 7.5
EPSS 20.1% (96th pct)2018-10-18
Vulnerability · 2018-06-25
CVE-2018-11040
Patch
Unscored
EPSS 7.3% (92th pct)2018-06-25
Vulnerability · 2018-06-25
CVE-2018-11039
Patch
Unscored
EPSS 2.6% (86th pct)2018-06-25
Vulnerability · 2018-05-11
CVE-2018-1257
Patch
Unscored
EPSS 1.2% (79th pct)2018-05-11
Vulnerability · 2018-04-11
CVE-2018-1275
Patch
CWE-94
Unscored
EPSS 38.1% (97th pct)2018-04-11
Vulnerability · 2018-04-06
CVE-2018-1272
Patch
Unscored
EPSS 2.2% (85th pct)2018-04-06
Vulnerability · 2018-04-06
CVE-2018-1271
Patch
CWE-22
Unscored
EPSS 91.0% (100th pct)2018-04-06
Vulnerability · 2018-04-06
CVE-2018-1270
Public exploit
Patch
CWE-94
Unscored
EPSS 90.0% (100th pct)2018-04-06
Vulnerability · 2017-05-25
CVE-2016-5007
Patch
Unscored
EPSS 0.2% (36th pct)2017-05-25

Showing 30 of 31

spring-projects spring-framework Vulnerabilities

Overview

Severity and exploitation

Affected versions and CVEs

Specific versions

Fixed in

Common weakness types

Disclosure activity by year

Other spring-projects products

Frequently asked questions

How many CVEs does spring-projects spring-framework have?

How many spring-projects spring-framework CVEs are in CISA KEV?

Are there public exploits for spring-projects spring-framework vulnerabilities?

Which versions of spring-projects spring-framework are affected?

What are the most common weakness types in spring-projects spring-framework CVEs?

How many critical spring-projects spring-framework vulnerabilities are there?

What is the average severity of spring-projects spring-framework CVEs?

References

Track spring-projects spring-framework vulnerabilities