VMware Spring Session
By the Year
In 2024 there have been 0 vulnerabilities in VMware Spring Session . Last year Spring Session had 1 security vulnerability published. Right now, Spring Session is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 1 | 6.50 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Spring Session vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent VMware Spring Session Security Vulnerabilities
In Spring Session version 3.0.0, the session id can be logged to the standard output stream
CVE-2023-20866
6.5 - Medium
- April 13, 2023
In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using HeaderHttpSessionIdResolver.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for VMware Spring Session or by VMware? Click the Watch button to subscribe.
