Vulnerability DB

VULNERABILITY	AFFECTS	TYPE	PUBLISHED
H Unintended Proxy or Intermediary ('Confused Deputy')	org.springframework.cloud:spring-cloud-gateway-server[,3.1.10)[4.0.0,4.1.8)[4.2.0,4.2.3)	Maven	30 May 2025
C Arbitrary Code Injection	org.springframework.cloud:spring-cloud-gateway-server[,3.0.7)[3.1.0,3.1.1)	Maven	4 Mar 2022
H HTTP Request Smuggling	org.springframework.cloud:spring-cloud-gateway-server[3.0.0,3.0.5)[,2.2.10.RELEASE)	Maven	5 Nov 2021
H Unintended Proxy or Intermediary ('Confused Deputy')	org.springframework.cloud:spring-cloud-gateway-server-mvc[,4.1.8)[4.2.0,4.2.3)	Maven	30 May 2025
H Arbitrary Code Execution	org.springframework.cloud:spring-cloud-netflix-hystrix-dashboard[,2.2.10.RELEASE)	Maven	18 Nov 2021
M Unintended Proxy or Intermediary	org.springframework.cloud:spring-cloud-netflix-hystrix-dashboard[,2.1.6.RELEASE)[2.2.0.RELEASE,2.2.4.RELEASE)	Maven	5 Aug 2020
M Improper Access Control	org.springframework.cloud:spring-cloud-netflix-zuul[,2.2.7.RELEASE)	Maven	12 Feb 2021
H Improper Restriction of Communication Channel to Intended Endpoints	org.springframework.cloud:spring-cloud-openfeign-core[3.0.0,3.0.5)[,2.2.10)	Maven	27 Oct 2021
L Remote Code Execution (RCE)	org.springframework.cloud:spring-cloud-skipper-server-core[2.11.0, 2.11.4)	Maven	25 Jul 2024
M Arbitrary File Upload	org.springframework.cloud:spring-cloud-skipper-server-core[,2.11.3)	Maven	29 May 2024
M SQL Injection	org.springframework.cloud:spring-cloud-task-core[,2.2.5)	Maven	26 Jan 2021
H Denial of Service (DoS)	org.springframework.data:spring-data-commons[, 1.13.11.RELEASE)[2.0.0.RELEASE, 2.0.6.RELEASE)	Maven	26 Apr 2018
C Arbitrary Code Execution	org.springframework.data:spring-data-commons[,1.13.11.RELEASE)[2.0.0.RELEASE,2.0.6.RELEASE)	Maven	16 Apr 2018
M Information Exposure	org.springframework.data:spring-data-jpa[,1.11.22.RELEASE)[2.0.0.RELEASE, 2.1.8.RELEASE)	Maven	18 Jul 2019
L Information Exposure	org.springframework.data:spring-data-jpa[2.0.0.RELEASE, 2.0.14.RELEASE)[2.1.0.RELEASE, 2.1.6.RELEASE)[, 1.11.20.RELEASE)	Maven	9 Apr 2019
M SQL Injection	org.springframework.data:spring-data-jpa[,1.9.6.RELEASE)[1.10.0.RELEASE,1.10.4.RELEASE)	Maven	3 Oct 2016
C SpEL Expression injection	org.springframework.data:spring-data-mongodb[,3.3.5)[3.4.0,3.4.1)	Maven	21 Jun 2022
M Information Exposure	org.springframework.data:spring-data-rest-webmvc[0,3.6.7)[3.7.0,3.7.3)	Maven	20 Sept 2022
M Information Exposure	org.springframework.data:spring-data-rest-webmvc[3.5.0,3.5.6)[,3.4.14)	Maven	27 Oct 2021
C Arbitrary Code Execution	org.springframework.data:spring-data-rest-webmvc[,2.6.7.RELEASE)	Maven	16 Apr 2018
H Arbitrary Code Execution	org.springframework.flex:spring-flex-core[0,]	Maven	21 May 2017
L Information Exposure	org.springframework.graphql:spring-graphql[1.1.0,1.1.6)[1.2.0,1.2.3)	Maven	20 Sept 2023
H HTTP Header Injection	org.springframework.hateoas:spring-hateoas[,1.5.5)[2.0.0,2.0.5)[2.1.0,2.1.1)	Maven	16 Jul 2023
H Deserialization of Untrusted Data	org.springframework.integration:spring-integration[4.3.0, 4.3.23)[5.1.0, 5.1.12)[5.2.0, 5.2.8)[5.3.0, 5.3.2)	Maven	2 Aug 2020
C XML External Entity (XXE) Injection	org.springframework.integration:spring-integration-ws[5.1.0.RELEASE,5.1.2.RELEASE)[5.0.0.RELEASE,5.0.11.RELEASE)[,4.3.19.RELEASE)	Maven	16 Jan 2019
C XML External Entity (XXE) Injection	org.springframework.integration:spring-integration-xml[5.1.0.RELEASE,5.1.2.RELEASE)[5.0.0.RELEASE,5.0.11.RELEASE)[,4.3.19.RELEASE)	Maven	16 Jan 2019
M Arbitrary File Write via Archive Extraction (Zip Slip)	org.springframework.integration:spring-integration-zip[,1.0.4.RELEASE)	Maven	28 Feb 2021
M Arbitrary File Write via Archive Extraction (Zip Slip)	org.springframework.integration:spring-integration-zip[,1.0.2.RELEASE)	Maven	16 May 2018
M Arbitrary File Write via Archive Extraction (Zip Slip)	org.springframework.integration:spring-integration-zip[,1.0.1.RELEASE)	Maven	10 May 2018
M Deserialization of Untrusted Data	org.springframework.kafka:spring-kafka[2.8.1,2.9.11)[3.0.0,3.0.10)	Maven	24 Aug 2023

APPLICATION

OPERATING SYSTEM