Vulnerabilities in Spring
149 results

CVE-2020-5398 | HIGH | RFD Attack via "Content-Disposition" Header Sourced from Request Input by Spring MVC or Spring WebFlux Application | EPSS 88.1%
CVE-2019-3799 | — | Directory Traversal with spring-cloud-config-server | EPSS 85.3%
CVE-2024-37084 | CRITICAL | CVE-2024-37084: Remote code execution in Spring Cloud Data Flow | EPSS 35.2%
CVE-2019-3778 | — | Open Redirect in spring-security-oauth2 | EPSS 15.6%
CVE-2024-38816 | HIGH | CVE-2024-38816: Path traversal vulnerability in functional web frameworks | EPSS 14.7%
CVE-2019-11269 | MEDIUM | Open Redirector in spring-security-oauth2 | EPSS 8.9%
CVE-2019-3773 | — | Spring Web Services XML External Entity Injection (XXE) | EPSS 4.1%
CVE-2024-22243 | HIGH | CVE-2024-22243: Spring Framework URL Parsing with Host Validation | EPSS 4.0%
CVE-2025-41243 | CRITICAL | Spring Expression Language property modification using Spring Cloud Gateway Server WebFlux | EPSS 3.3%
CVE-2019-3774 | — | Spring Batch XML External Entity Injection (XXE) | EPSS 3.0%
CVE-2019-3772 | — | Spring Integration XML External Entity Injection (XXE) | EPSS 3.0%
CVE-2024-22259 | HIGH | CVE-2024-22259: Spring Framework URL Parsing with Host Validation (2nd report) | EPSS 2.6%
CVE-2020-5397 | MEDIUM | CSRF Attack via CORS Preflight Requests with Spring MVC or Spring WebFlux | EPSS 2.4%
CVE-2023-34040 | MEDIUM | Java Deserialization vulnerability in Spring-Kafka When Improperly Configured | EPSS 2.2%
CVE-2019-3795 | LOW | Insecure Randomness When Using a SecureRandom Instance Constructed by Spring Security | EPSS 1.9%
CVE-2024-38821 | CRITICAL | Authorization Bypass of Static Resources in WebFlux Applications | EPSS 1.7%
CVE-2023-34050 | MEDIUM | Spring AMQP Deserialization Vulnerability | EPSS 1.5%
CVE-2019-11272 | — | PlaintextPasswordEncoder authenticates encoded passwords that are null | EPSS 1.4%
CVE-2019-3802 | LOW | Additional information exposure with Spring Data JPA example matcher | EPSS 1.2%
CVE-2026-22739 | HIGH | Spring Cloud Config Profile Substitution Can Allow Unintended Access To Files And Enable SSRF Attacks | EPSS 1.2%