VIR Vulnerability Intelligence Relay

Package impact

java Maven / org.springframework:spring-webmvc

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2014-0225 high 8.8 8.8 9y ago When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references… debianjavavmware
CVE-2016-9878 high 7.5 7.5 10y ago Pivotal Spring Framework Paths provided to the ResourceServlet were not properly sanitized debianjavavmware
CVE-2014-0054 medium 6.8 12y ago Cross-Site Request Forgery in Spring Framework debianjavavmware
CVE-2026-22745 medium 5.3 5.3 29d ago Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources debianjavavmware
CVE-2014-3625 medium 5.0 12y ago Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspeci… debianjavavmware
CVE-2014-1904 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary … debianjava
CVE-2026-22741 low 3.1 3.1 29d ago Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. debianjavavmware