org.springframework:spring-web vulnerabilities

Spring Web

Latest version: 5.1.5.RELEASE

Licenses detected

  • license: Unknown [1.0-rc1, 1.2.9),[2.0-m1, 2.0),[3.0.0.RELEASE, 3.1.1.RELEASE)
  • license: Apache-2.0 [1.2.9, 2.0-m1),[2.0, 3.0.0.RELEASE),[3.1.1.RELEASE,)
Continuously find & fix vulnerabilities like these in your dependencies. Test and protect your applications

Direct Vulnerabilities

Known vulnerabilities in the org.springframework:spring-web package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable versions Snyk patch Published
  • L
Denial of Service (DoS)
[4.2.0, 4.3.20),[5.0.0, 5.0.10),[5.1.0, 5.1.1) Not available 18 Oct, 2018
  • H
Reflected File Download
[4.2,4.2.1.RELEASE], [4.1,4.1.7.RELEASE], [4.0,4.0.9.RELEASE], [3.2,3.2.14.RELEASE] Not available 25 Dec, 2016
  • M
Denial of Service (DoS)
[3.2,3.2.13.RELEASE], [4,4.1.6.RELEASE] Not available 25 Dec, 2016
  • H
XML External Entity (XXE) Injection
[3,3.2.8.RELEASE], [4,4.0.4.RELEASE] Not available 25 Dec, 2016
  • M
Information Exposure
[4.3,4.3.18), [5.0,5.0.7) Not available 25 Dec, 2016
  • M
XML External Entity (XXE) Injection
[3,3.2.4.RELEASE],[4-alpha,4.0.0.M3] Not available 25 Dec, 2016
  • L
Cross-site Scripting (XSS)
[3.0.0, 3.2.2) Not available 25 Dec, 2016
  • M
Directory Traversal
[3.0.0, 3.2.9),[4.0.0, 4.0.5) Not available 05 Sep, 2014
  • M
XML External Entity (XXE) Injection
[3,3.2.4), [4-alpha,4.0.0.M2) Not available 08 Jun, 2014
  • M
Cross-site Request Forgery (CSRF)
[,3.2.8), [4,4.0.2) Not available 06 Jun, 2014
  • M
XML External Entity (XXE) Injection
[3,3.2.3.RELEASE], [4-alpha,4.0.0.M3] Not available 22 Aug, 2013
  • H
Expression Language Injection
[,2.5.6.SEC03), [2.5.7,2.5.7.SR023), [3,3.0.6) Not available 09 Sep, 2011