Advisories for Maven/Org.springframework/Spring package

2023

Spring Framework is vulnerable to security bypass via mvcRequestMatcher pattern mismatch

This advisory has been moved to org.springframework:spring-webmvc

2022

Improper Control of Generation of Code ('Code Injection')

SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file.

2016

Path Traversal

This advisory has been marked as a false positive.