Spring
Recent Spring Security Advisories
Advisory | Title | Published |
---|---|---|
2024-08-23 | cve-2024-38807 - Medium - CVE-2024-38807: Signature Forgery Vulnerability in Spring Boot's Loader | August 23, 2024 |
2024-08-14 | cve-2024-38808 - Medium - CVE-2024-38808: Spring Expression DoS Vulnerability | August 14, 2024 |
2024-08-14 | cve-2024-38809 - Medium - CVE-2024-38809: Spring Framework DoS via conditional HTTP request | August 14, 2024 |
2024-07-24 | CVE-2024-37084 - Critical - CVE-2024-37084: Remote code execution in Spring Cloud Data Flow | July 24, 2024 |
2024-06-19 | CVE-2024-22271 - Medium - CVE-2024-22271: Spring Cloud Function Web DOS Vulnerability | June 19, 2024 |
2024-05-23 | cve-2024-22263 - High - CVE-2024-22263: Arbitrary File Write Vulnerability in Spring Cloud Data Flow | May 23, 2024 |
2024-04-11 | CVE-2024-22262 - High - CVE-2024-22262: Spring Framework URL Parsing with Host Validation (3rd report) | April 11, 2024 |
2024-03-19 | CVE-2024-22258 - Medium - CVE-2024-22258: PKCE Downgrade in Spring Authorization Server | March 19, 2024 |
2024-03-18 | cve-2024-22257 - High - CVE-2024-22257: Possible Broken Access Control in Spring Security With Direct Use of AuthenticatedVoter | March 18, 2024 |
2024-03-15 | CVE-2024-22259 - High - CVE-2024-22259: Spring Framework URL Parsing with Host Validation (2nd report) | March 15, 2024 |
By the Year
In 2024 there have been 0 vulnerabilities in Spring. Last year Spring had 1 security vulnerability published. Right now, Spring is on track to have fewer security vulnerabilities in 2024 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 1 | 4.30 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Spring vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Spring Security Vulnerabilities
CVE-2023-34047
4.3 - Medium
September 20, 2023
A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader functions through DefaultBatchLoaderRegistry.