Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
spring boot vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-38286
Thymeleaf up to and including 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) up to and including 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI (Server Side Template Injection) and code execution in spring-boot...
Thymeleaf Thymeleaf
Codecentric Spring Boot Admin
1 Github repository
7.5
CVSSv3
CVE-2022-32430
An access control issue in Lin CMS Spring Boot v0.2.1 allows malicious users to access the backend information and functions within the application.
Talelin Lin-cms-spring-boot 0.2.1
9.8
CVSSv3
CVE-2022-31691
Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39.0 and below all use Snakeyaml library for YAML editing support. This library al...
Vmware Cloudfoundry Manifest Yml Support
Vmware Bosh Editor
Vmware Concourse Ci Pipeline Editor
Vmware Spring Tools
Vmware Spring Boot Tools
1 Github repository
9.8
CVSSv3
CVE-2021-26987
Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions before 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Remote Code Execution. All versions of Element Plug-in for vCenter Server, Managemen...
Vmware Spring Boot
Netapp Element Plug-in For Vcenter Server
Netapp Management Services For Element Software And Netapp Hci
Netapp Solidfire \\& Hci Management Node
6.5
CVSSv3
CVE-2023-20863
In spring framework versions before 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
Vmware Spring Framework
1 Github repository
7.5
CVSSv3
CVE-2024-22233
In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC...
Vmware Spring Framework 6.1.2
Vmware Spring Framework 6.0.15
9.8
CVSSv3
CVE-2018-1260
Spring Security OAuth, versions 2.3 before 2.3.3, 2.2 before 2.2.2, 2.1 before 2.1.2, 2.0 before 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint tha...
Pivotal Software Spring Security Oauth
7.5
CVSSv3
CVE-2023-34053
In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC o...
Vmware Spring Framework
6.5
CVSSv3
CVE-2022-22950
n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
Vmware Spring Framework
3 Github repositories
6.5
CVSSv3
CVE-2023-20861
In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
Vmware Spring Framework
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »