4.0.5
12 years ago
1 month ago
Known vulnerabilities in the org.springframework.boot:spring-boot-autoconfigure package. This does not include vulnerabilities belonging to this package’s dependencies.
| Vulnerability | Vulnerable Version |
|---|---|
| Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch when using an SSL bundle. This effectively weakens TLS by allowing connections without verifying the server identity (classic MITM risk). How to fix Improper Validation of Certificate with Host Mismatch? Upgrade | [,3.5.14) [4.0.0-M1,4.0.6) |
| Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch due to establishing SSL connections to Cassandra without verifying that the hostname in the server's SSL certificate actually matched the hostname of the server being connected to. While the application might have verified that the certificate was signed by a trusted Certificate Authority (CA), failing to verify the hostname means an attacker could present any valid certificate (even one meant for a different domain) to successfully intercept the connection, leaving the application vulnerable to Man-in-the-Middle (MitM) attacks. How to fix Improper Validation of Certificate with Host Mismatch? Upgrade | [,3.5.14) [4.0.0-M1,4.0.6) |