Spring
Recent Spring Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 2024-04-11 | CVE-2024-22262 - High - CVE-2024-22262: Spring Framework URL Parsing with Host Validation (3rd report) | April 11, 2024 |
| 2024-03-19 | CVE-2024-22258 - Medium - CVE-2024-22258: PKCE Downgrade in Spring Authorization Server | March 19, 2024 |
| 2024-03-18 | cve-2024-22257 - High - CVE-2024-22257: Possible Broken Access Control in Spring Security With Direct Use of AuthenticatedVoter | March 18, 2024 |
| 2024-03-15 | CVE-2024-22259 - High - CVE-2024-22259: Spring Framework URL Parsing with Host Validation (2nd report) | March 15, 2024 |
| 2024-02-21 | CVE-2024-22243 - High - CVE-2024-22243: Spring Framework URL Parsing with Host Validation | February 21, 2024 |
| 2024-02-19 | cve-2024-22234 - High - CVE-2024-22234: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated | February 19, 2024 |
| 2024-01-22 | cve-2024-22233 - High - CVE-2024-22233: Spring Framework server Web DoS Vulnerability | January 22, 2024 |
| 2023-11-27 | cve-2023-34055 - Medium - CVE-2023-34055: Spring Boot server Web Observations DoS Vulnerability | November 27, 2023 |
By the Year
In 2024 there have been 0 vulnerabilities in Spring . Last year Spring had 1 security vulnerability published. Right now, Spring is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 1 | 4.30 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Spring vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Spring Security Vulnerabilities
A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values
CVE-2023-34047
4.3 - Medium
- September 20, 2023
A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader functions through DefaultBatchLoaderRegistry.
