Package impact
Maven / org.springframework:spring-beans
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2022-22965 | unknown | — | 1.5 | 4y ago | Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. | |
| CVE-2022-22970 | unknown | — | — | 4y ago | In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a Multipar… |