Spring Framework is vulnerable to security bypass via mvcRequestMatcher pattern mismatch
This advisory has been moved to org.springframework:spring-webmvc
Advisories for Maven/Org.springframework/Spring package
2023
2022
Improper Output Neutralization for Logs in Spring Framework
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.
Improper Control of Generation of Code ('Code Injection')
SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file.
2016
Path Traversal
This advisory has been marked as a false positive.