org.springframework:spring-web vulnerabilities

Spring Web

Latest version: 5.1.8.RELEASE

Licenses detected

  • license: Unknown [1.0-rc1, 1.2.9),[2.0-m1, 2.0),[3.0.0.RELEASE, 3.1.1.RELEASE)
  • license: Apache-2.0 [1.2.9, 2.0-m1),[2.0, 3.0.0.RELEASE),[3.1.1.RELEASE,)
Continuously find & fix vulnerabilities like these in your dependencies. Test and protect your applications

Direct Vulnerabilities

Known vulnerabilities in the org.springframework:spring-web package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable versions Snyk patch Published
  • L
Denial of Service (DoS)
[4.2.0.RELEASE, 4.3.20.RELEASE),[5.0.0.RELEASE, 5.0.10.RELEASE),[5.1.0.RELEASE, 5.1.1.RELEASE) Not available 18 Oct, 2018
  • H
Reflected File Download
[3.2, 3.2.15),[4.0, 4.1.18),[4.2, 4.2.2) Not available 25 Dec, 2016
  • M
Denial of Service (DoS)
[3.2, 3.2.14),[4, 4.1.7) Not available 25 Dec, 2016
  • H
XML External Entity (XXE) Injection
[3,3.2.9.RELEASE),[4,4.0.5.RELEASE) Not available 25 Dec, 2016
  • M
Information Exposure
[4.3,4.3.18),[5.0,5.0.7) Not available 25 Dec, 2016
  • L
Cross-site Scripting (XSS)
[3.0.0, 3.2.2) Not available 25 Dec, 2016
  • M
XML External Entity (XXE) Injection
[3,3.2.4.RELEASE],[4-alpha,4.0.0.M3] Not available 25 Dec, 2016
  • M
Directory Traversal
[3.0.0, 3.2.9),[4.0.0, 4.0.5) Not available 05 Sep, 2014
  • M
XML External Entity (XXE) Injection
[3,3.2.4), [4-alpha,4.0.0.M2) Not available 08 Jun, 2014
  • M
Cross-site Request Forgery (CSRF)
[,3.2.8), [4,4.0.2) Not available 06 Jun, 2014
  • M
XML External Entity (XXE) Injection
[3.0.0, 3.2.4) Not available 22 Aug, 2013
  • H
Expression Language Injection
[,2.5.6.SEC03), [2.5.7,2.5.7.SR023), [3,3.0.6) Not available 09 Sep, 2011