Pivotal Software Spring Boot
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Pivotal Software Spring Boot.
By the Year
In 2025 there have been 0 vulnerabilities in Pivotal Software Spring Boot. Last year, in 2024 Spring Boot had 1 security vulnerability published. Right now, Spring Boot is on track to have less security vulnerabilities in 2025 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 0 | 0.00 |
| 2024 | 1 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 1 | 7.80 |
| 2021 | 1 | 9.80 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 1 | 5.90 |
It may take a day or so for new Spring Boot vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Pivotal Software Spring Boot Security Vulnerabilities
Spring Boot common-user-management Remote Code Execution via Unrestricted File Upload
CVE-2024-52302
- November 14, 2024
common-user-management is a robust Spring Boot application featuring user management services designed to control user access dynamically. There is a critical security vulnerability in the application endpoint /api/v1/customer/profile-picture. This endpoint allows file uploads without proper validation or restrictions, enabling attackers to upload malicious files that can lead to Remote Code Execution (RCE).
Unrestricted File Upload
spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking
CVE-2022-27772
7.8 - High
- March 30, 2022
spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer
Exposure of Resource to Wrong Sphere
Element Plug-in for vCenter Server incorporates SpringBoot Framework
CVE-2021-26987
9.8 - Critical
- March 15, 2021
Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Remote Code Execution. All versions of Element Plug-in for vCenter Server, Management Services versions prior to 2.17.56 and Management Node versions through 12.2 contain vulnerable versions of SpringBoot Framework.
Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service
CVE-2018-1196
5.9 - Medium
- March 19, 2018
Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "run_user" to overwrite and take ownership of any file on the same system. In order to instigate the attack, the application must be installed as a service and the "run_user" requires shell access to the server. Spring Boot application that are not installed as a service, or are not using the embedded launch script are not susceptible.
insecure temporary file
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for VMware Spring Boot or by Pivotal Software? Click the Watch button to subscribe.
