org.springframework:spring-web@4.3.16.RELEASE vulnerabilities
-
latest version
6.1.7
-
latest non vulnerable version
-
first published
19 years ago
-
latest version published
18 days ago
-
licenses detected
- [0,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.springframework:spring-web package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform. Affected versions of this package are vulnerable to Open Redirect when Note: This is the same as CVE-2024-22259 and CVE-2024-22243, but with different input. How to fix Open Redirect? Upgrade |
[,5.3.34)
[6.0.0,6.0.19)
[6.1.0,6.1.6)
|
org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform. Affected versions of this package are vulnerable to Open Redirect when using Note: This is the same as CVE-2024-22243, but with different input. How to fix Open Redirect? Upgrade |
[,5.3.33)
[6.0.0,6.0.18)
[6.1.0,6.1.5)
|
org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform. Affected versions of this package are vulnerable to Open Redirect when How to fix Open Redirect? Upgrade |
[,5.3.32)
[6.0.0,6.0.17)
[6.1.0,6.1.4)
|
org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform. Affected versions of this package are vulnerable to Improper Input Validation. The protections against Reflected File Download attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a How to fix Improper Input Validation? Upgrade |
[3.2.0.RELEASE,4.3.29.RELEASE)
[5.0.0.RELEASE,5.0.19.RELEASE)
[5.1.0.RELEASE,5.1.18.RELEASE)
[5.2.0.RELEASE,5.2.9.RELEASE)
|
org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform. Affected versions of this package are vulnerable to Denial of Service (DoS). A malicious user could add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. How to fix Denial of Service (DoS)? Upgrade |
[4.2.0.RELEASE,4.3.20.RELEASE)
[5.0.0.RELEASE,5.0.10.RELEASE)
[5.1.0.RELEASE,5.1.1.RELEASE)
|
org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform. Affected versions of this package are vulnerable to Information Exposure. It allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through How to fix Information Exposure? Upgrade |
[4.3.0.RELEASE,4.3.18.RELEASE)
[5.0.0.RELEASE,5.0.7.RELEASE)
|
org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform. Affected versions of this package are vulnerable to Cross-Site Tracing (XST). It allows web applications to change the HTTP request method to any HTTP method (including TRACE) using the How to fix Cross-Site Tracing (XST)? Upgrade |
[4.3.0.RELEASE,4.3.18.RELEASE)
[5.0.0.RELEASE,5.0.7.RELEASE)
|