René's URL Explorer Experiment


Title: spring-context-4.3.30.RELEASE.jar: 12 vulnerabilities (highest severity is: 9.3) [master] (reachable) · Issue #38 · amaybaum-dev/BenchmarkJava · GitHub

Open Graph Title: spring-context-4.3.30.RELEASE.jar: 12 vulnerabilities (highest severity is: 9.3) [master] (reachable) · Issue #38 · amaybaum-dev/BenchmarkJava

X Title: spring-context-4.3.30.RELEASE.jar: 12 vulnerabilities (highest severity is: 9.3) [master] (reachable) · Issue #38 · amaybaum-dev/BenchmarkJava

Description: 📂 Vulnerable Library - spring-context-4.3.30.RELEASE.jar Spring Context Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-context/4.3.30.RELEASE/spring-context-4.3.3...

Open Graph Description: 📂 Vulnerable Library - spring-context-4.3.30.RELEASE.jar Spring Context Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-con...

X Description: 📂 Vulnerable Library - spring-context-4.3.30.RELEASE.jar Spring Context Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-con...

Opengraph URL: https://github.com/amaybaum-dev/BenchmarkJava/issues/38

X: @github

direct link

Domain: github.com


Hey, it has json ld scripts:
{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"spring-context-4.3.30.RELEASE.jar: 12 vulnerabilities (highest severity is: 9.3) [master] (reachable)","articleBody":"\u003cdetails\u003e\n  \u003csummary\u003e📂 Vulnerable Library - \u003cstrong\u003espring-context-4.3.30.RELEASE.jar\u003c/strong\u003e\u003c/summary\u003e\n\nSpring Context\n\n\n\n**Path to dependency file:** /pom.xml\n\n**Path to vulnerable library:** /home/wss-scanner/.m2/repository/org/springframework/spring-context/4.3.30.RELEASE/spring-context-4.3.30.RELEASE.jar\n\n\n\u003c/details\u003e\n\n\n# Findings\n| Finding | Severity | 🎯 CVSS | Exploit Maturity | EPSS | Library | Type | Fixed in | Remediation Available | **Reachability** |\n| ------------- | ------------- | ---- | --- | ----- | ----- | ----- | --- | --- | --- |\n| [ CVE-2022-22965 ](https://www.mend.io/vulnerability-database/CVE-2022-22965) | 🟣 Critical | 9.3 | High | 94.4% | spring-beans-4.3.30.RELEASE.jar | Transitive | N/A | ❌ |\u003cimg src='https://whitesource-resources.whitesourcesoftware.com/viaGreen.png' width=20 height=22\u003e Unreachable |\n| [ CVE-2018-1271 ](https://www.mend.io/vulnerability-database/CVE-2018-1271) | 🔴 High | 8.2 | Not Defined | 91.2% | spring-core-4.3.30.RELEASE.jar | Transitive | N/A | ❌ | |\n| [ CVE-2018-1257 ](https://www.mend.io/vulnerability-database/CVE-2018-1257) | 🔴 High | 7.1 | Not Defined | 1.8% | spring-core-4.3.30.RELEASE.jar | Transitive | N/A | ❌ | |\n| [ CVE-2022-22950 ](https://www.mend.io/vulnerability-database/CVE-2022-22950) | 🔴 High | 7.1 | Not Defined | 4.1% | spring-expression-4.3.30.RELEASE.jar | Transitive | N/A | ❌ |\u003cimg src='https://whitesource-resources.whitesourcesoftware.com/viaGreen.png' width=20 height=22\u003e Unreachable |\n| [ CVE-2023-20861 ](https://www.mend.io/vulnerability-database/CVE-2023-20861) | 🔴 High | 7.1 | Not Defined | \u003c 1% | spring-expression-4.3.30.RELEASE.jar | Transitive | N/A | ❌ |\u003cimg src='https://whitesource-resources.whitesourcesoftware.com/viaGreen.png' width=20 height=22\u003e Unreachable |\n| [ CVE-2023-20863 ](https://www.mend.io/vulnerability-database/CVE-2023-20863) | 🔴 High | 7.1 | Not Defined | \u003c 1% | spring-expression-4.3.30.RELEASE.jar | Transitive | N/A | ❌ |\u003cimg src='https://whitesource-resources.whitesourcesoftware.com/viaGreen.png' width=20 height=22\u003e Unreachable |\n| [ CVE-2022-22968 ](https://www.mend.io/vulnerability-database/CVE-2022-22968) | 🟠 Medium | 6.9 | Not Defined | 16.2% | spring-context-4.3.30.RELEASE.jar | Direct | org.springframework:spring-context:5.2.21.RELEASE,org.springframework:spring-context:5.3.19 | ✅ |\u003cimg src='https://whitesource-resources.whitesourcesoftware.com/viaGreen.png' width=20 height=22\u003e Unreachable |\n| [ CVE-2022-22970 ](https://www.mend.io/vulnerability-database/CVE-2022-22970) | 🟠 Medium | 6.0 | Not Defined | \u003c 1% | spring-core-4.3.30.RELEASE.jar | Transitive | N/A | ❌ |\u003cimg src='https://whitesource-resources.whitesourcesoftware.com/viaGreen.png' width=20 height=22\u003e Unreachable |\n| [ CVE-2022-22970 ](https://www.mend.io/vulnerability-database/CVE-2022-22970) | 🟠 Medium | 6.0 | Not Defined | \u003c 1% | spring-beans-4.3.30.RELEASE.jar | Transitive | N/A | ❌ |\u003cimg src='https://whitesource-resources.whitesourcesoftware.com/viaGreen.png' width=20 height=22\u003e Unreachable |\n| [ CVE-2021-22060 ](https://www.mend.io/vulnerability-database/CVE-2021-22060) | 🟠 Medium | 5.3 | Not Defined | \u003c 1% | spring-core-4.3.30.RELEASE.jar | Transitive | N/A | ❌ |\u003cimg src='https://whitesource-resources.whitesourcesoftware.com/viaRed.png' width=20 height=22\u003e Reachable |\n| [ CVE-2021-22096 ](https://www.mend.io/vulnerability-database/CVE-2021-22096) | 🟠 Medium | 5.3 | Not Defined | \u003c 1% | spring-core-4.3.30.RELEASE.jar | Transitive | N/A | ❌ |\u003cimg src='https://whitesource-resources.whitesourcesoftware.com/viaRed.png' width=20 height=22\u003e Reachable |\n| [ CVE-2024-38820 ](https://www.mend.io/vulnerability-database/CVE-2024-38820) | 🟡 Low | 2.3 | Not Defined | \u003c 1% | spring-core-4.3.30.RELEASE.jar | Transitive | N/A | ❌ | |\n\n\n# Details\n\n\n\u003cdetails\u003e\n  \u003csummary\u003e\n 🟣CVE-2022-22965\n  \u003c/summary\u003e\n\n### Vulnerable Library - **spring-beans-4.3.30.RELEASE.jar**\n\nSpring Beans\n\n**Library home page:** [ https://projects.spring.io/spring-framework ](https://projects.spring.io/spring-framework)\n\n**Path to dependency file:** /pom.xml\n\n**Path to vulnerable library:** /home/wss-scanner/.m2/repository/org/springframework/spring-beans/4.3.30.RELEASE/spring-beans-4.3.30.RELEASE.jar\n\n\n\n**Dependency Hierarchy:**\n\n\n- spring-context-4.3.30.RELEASE.jar (Root Library)\n    - spring-aop-4.3.30.RELEASE.jar\n        - ❌  **spring-beans-4.3.30.RELEASE.jar** (Vulnerable Library)\n\n\n\n\n***\n\n### Reachability Analysis\nThe vulnerable code is unreachable\n***\n\n### Vulnerability Details\n\nA Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. Converted from WS-2022-0107, on 2022-11-07.\n\n**Publish Date:** Apr 01, 2022 10:17 PM\n\n**URL:** [ CVE-2022-22965 ](https://www.mend.io/vulnerability-database/CVE-2022-22965)\n\n**Threat Assessment**\n\nExploit Maturity:High\n\nEPSS:94.4%\n\n**Score:** 9.3\n\n\n***\n### Suggested Fix\n\n**Type:** Upgrade version\n\n**Origin:** https://github.com/advisories/GHSA-36p3-wjmg-h94x\n\n**Release Date:** Apr 01, 2022 10:17 PM\n\n**Fix Resolution :** org.springframework:spring-webflux:5.2.20.RELEASE,org.springframework:spring-webflux:5.3.18,org.springframework:spring-webmvc:5.3.18,org.springframework:spring-webmvc:5.2.20.RELEASE,org.springframework:spring-beans:5.2.20.RELEASE,org.springframework.boot:spring-boot-starter-webflux:2.5.12,org.springframework.boot:spring-boot-starter-webflux:2.6.6,org.springframework:spring-beans:5.3.18,org.springframework.boot:spring-boot-starter-web:2.5.12,org.springframework.boot:spring-boot-starter-web:2.6.6\n\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n  \u003csummary\u003e\n 🔴CVE-2018-1271\n  \u003c/summary\u003e\n\n### Vulnerable Library - **spring-core-4.3.30.RELEASE.jar**\n\nSpring Core\n\n**Library home page:** [ https://projects.spring.io/spring-framework ](https://projects.spring.io/spring-framework)\n\n**Path to dependency file:** /pom.xml\n\n**Path to vulnerable library:** /home/wss-scanner/.m2/repository/org/springframework/spring-core/4.3.30.RELEASE/spring-core-4.3.30.RELEASE.jar\n\n\n\n**Dependency Hierarchy:**\n\n\n- spring-context-4.3.30.RELEASE.jar (Root Library)\n    - spring-aop-4.3.30.RELEASE.jar\n        - spring-beans-4.3.30.RELEASE.jar\n            - ❌  **spring-core-4.3.30.RELEASE.jar** (Vulnerable Library)\n\n\n\n\n***\n\n### Vulnerability Details\n\nSpring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.\n\n**Publish Date:** Apr 06, 2018 01:00 PM\n\n**URL:** [ CVE-2018-1271 ](https://www.mend.io/vulnerability-database/CVE-2018-1271)\n\n**Threat Assessment**\n\nExploit Maturity:Not Defined\n\nEPSS:91.2%\n\n**Score:** 8.2\n\n\n***\n### Suggested Fix\n\n**Type:** Upgrade version\n\n**Origin:** https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1271\n\n**Release Date:** Apr 06, 2018 01:00 PM\n\n**Fix Resolution :** org.springframework:spring-webflux:5.0.5.RELEASE,org.springframework:spring-webmvc:4.3.15.RELEASE,5.0.5.RELEASE\n\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n  \u003csummary\u003e\n 🔴CVE-2018-1257\n  \u003c/summary\u003e\n\n### Vulnerable Library - **spring-core-4.3.30.RELEASE.jar**\n\nSpring Core\n\n**Library home page:** [ https://projects.spring.io/spring-framework ](https://projects.spring.io/spring-framework)\n\n**Path to dependency file:** /pom.xml\n\n**Path to vulnerable library:** /home/wss-scanner/.m2/repository/org/springframework/spring-core/4.3.30.RELEASE/spring-core-4.3.30.RELEASE.jar\n\n\n\n**Dependency Hierarchy:**\n\n\n- spring-context-4.3.30.RELEASE.jar (Root Library)\n    - spring-aop-4.3.30.RELEASE.jar\n        - spring-beans-4.3.30.RELEASE.jar\n            - ❌  **spring-core-4.3.30.RELEASE.jar** (Vulnerable Library)\n\n\n\n\n***\n\n### Vulnerability Details\n\nSpring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.\n\n**Publish Date:** May 11, 2018 08:00 PM\n\n**URL:** [ CVE-2018-1257 ](https://www.mend.io/vulnerability-database/CVE-2018-1257)\n\n**Threat Assessment**\n\nExploit Maturity:Not Defined\n\nEPSS:1.8%\n\n**Score:** 7.1\n\n\n***\n### Suggested Fix\n\n**Type:** Upgrade version\n\n**Origin:** https://nvd.nist.gov/vuln/detail/CVE-2018-1257\n\n**Release Date:** May 11, 2018 08:00 PM\n\n**Fix Resolution :** 5.0.6,4.3.17\n\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n  \u003csummary\u003e\n 🔴CVE-2022-22950\n  \u003c/summary\u003e\n\n### Vulnerable Library - **spring-expression-4.3.30.RELEASE.jar**\n\nSpring Expression Language (SpEL)\n\n**Library home page:** [ https://projects.spring.io/spring-framework ](https://projects.spring.io/spring-framework)\n\n**Path to dependency file:** /pom.xml\n\n**Path to vulnerable library:** /home/wss-scanner/.m2/repository/org/springframework/spring-expression/4.3.30.RELEASE/spring-expression-4.3.30.RELEASE.jar\n\n\n\n**Dependency Hierarchy:**\n\n\n- spring-context-4.3.30.RELEASE.jar (Root Library)\n    - ❌  **spring-expression-4.3.30.RELEASE.jar** (Vulnerable Library)\n\n\n\n\n***\n\n### Reachability Analysis\nThe vulnerable code is unreachable\n***\n\n### Vulnerability Details\n\nn Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.\n\n**Publish Date:** Apr 01, 2022 10:17 PM\n\n**URL:** [ CVE-2022-22950 ](https://www.mend.io/vulnerability-database/CVE-2022-22950)\n\n**Threat Assessment**\n\nExploit Maturity:Not Defined\n\nEPSS:4.1%\n\n**Score:** 7.1\n\n\n***\n### Suggested Fix\n\n**Type:** Upgrade version\n\n**Origin:** https://github.com/advisories/GHSA-558x-2xjg-6232\n\n**Release Date:** Apr 01, 2022 10:17 PM\n\n**Fix Resolution :** org.springframework:spring-expression:5.2.20.RELEASE,org.springframework:spring-expression:5.3.17\n\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n  \u003csummary\u003e\n 🔴CVE-2023-20861\n  \u003c/summary\u003e\n\n### Vulnerable Library - **spring-expression-4.3.30.RELEASE.jar**\n\nSpring Expression Language (SpEL)\n\n**Library home page:** [ https://projects.spring.io/spring-framework ](https://projects.spring.io/spring-framework)\n\n**Path to dependency file:** /pom.xml\n\n**Path to vulnerable library:** /home/wss-scanner/.m2/repository/org/springframework/spring-expression/4.3.30.RELEASE/spring-expression-4.3.30.RELEASE.jar\n\n\n\n**Dependency Hierarchy:**\n\n\n- spring-context-4.3.30.RELEASE.jar (Root Library)\n    - ❌  **spring-expression-4.3.30.RELEASE.jar** (Vulnerable Library)\n\n\n\n\n***\n\n### Reachability Analysis\nThe vulnerable code is unreachable\n***\n\n### Vulnerability Details\n\nIn Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.\n\n**Publish Date:** Mar 23, 2023 12:00 AM\n\n**URL:** [ CVE-2023-20861 ](https://www.mend.io/vulnerability-database/CVE-2023-20861)\n\n**Threat Assessment**\n\nExploit Maturity:Not Defined\n\nEPSS:\u003c 1%\n\n**Score:** 7.1\n\n\n***\n### Suggested Fix\n\n**Type:** Upgrade version\n\n**Origin:** https://github.com/advisories/GHSA-564r-hj7v-mcr5\n\n**Release Date:** Mar 23, 2023 12:00 AM\n\n**Fix Resolution :** org.springframework:spring-expression:5.3.26,org.springframework:spring-expression:6.0.7,org.springframework:spring-expression:5.2.23.RELEASE\n\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n  \u003csummary\u003e\n 🔴CVE-2023-20863\n  \u003c/summary\u003e\n\n### Vulnerable Library - **spring-expression-4.3.30.RELEASE.jar**\n\nSpring Expression Language (SpEL)\n\n**Library home page:** [ https://projects.spring.io/spring-framework ](https://projects.spring.io/spring-framework)\n\n**Path to dependency file:** /pom.xml\n\n**Path to vulnerable library:** /home/wss-scanner/.m2/repository/org/springframework/spring-expression/4.3.30.RELEASE/spring-expression-4.3.30.RELEASE.jar\n\n\n\n**Dependency Hierarchy:**\n\n\n- spring-context-4.3.30.RELEASE.jar (Root Library)\n    - ❌  **spring-expression-4.3.30.RELEASE.jar** (Vulnerable Library)\n\n\n\n\n***\n\n### Reachability Analysis\nThe vulnerable code is unreachable\n***\n\n### Vulnerability Details\n\nIn spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.\n\n**Publish Date:** Apr 13, 2023 12:00 AM\n\n**URL:** [ CVE-2023-20863 ](https://www.mend.io/vulnerability-database/CVE-2023-20863)\n\n**Threat Assessment**\n\nExploit Maturity:Not Defined\n\nEPSS:\u003c 1%\n\n**Score:** 7.1\n\n\n***\n### Suggested Fix\n\n**Type:** Upgrade version\n\n**Origin:** https://github.com/advisories/GHSA-wxqc-pxw9-g2p8\n\n**Release Date:** Apr 13, 2023 12:00 AM\n\n**Fix Resolution :** org.springframework:spring-expression:5.3.27,org.springframework:spring-expression:5.2.24.RELEASE,org.springframework:spring-expression:6.0.8\n\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n  \u003csummary\u003e\n 🟠CVE-2022-22968\n  \u003c/summary\u003e\n\n### Vulnerable Library - **spring-context-4.3.30.RELEASE.jar**\n\nSpring Context\n\n**Library home page:** [ https://projects.spring.io/spring-framework ](https://projects.spring.io/spring-framework)\n\n**Path to dependency file:** /pom.xml\n\n**Path to vulnerable library:** /home/wss-scanner/.m2/repository/org/springframework/spring-context/4.3.30.RELEASE/spring-context-4.3.30.RELEASE.jar\n\n\n\n**Dependency Hierarchy:**\n\n\n- ❌  **spring-context-4.3.30.RELEASE.jar** (Vulnerable Library)\n\n\n\n\n***\n\n### Reachability Analysis\nThe vulnerable code is unreachable\n***\n\n### Vulnerability Details\n\nIn Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.\n\n**Publish Date:** Apr 14, 2022 08:05 PM\n\n**URL:** [ CVE-2022-22968 ](https://www.mend.io/vulnerability-database/CVE-2022-22968)\n\n**Threat Assessment**\n\nExploit Maturity:Not Defined\n\nEPSS:16.2%\n\n**Score:** 6.9\n\n\n***\n### Suggested Fix\n\n**Type:** Upgrade version\n\n**Origin:** https://github.com/advisories/GHSA-g5mm-vmx4-3rg7\n\n**Release Date:** Apr 14, 2022 08:05 PM\n\n**Fix Resolution :** org.springframework:spring-context:5.2.21.RELEASE,org.springframework:spring-context:5.3.19\n\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n  \u003csummary\u003e\n 🟠CVE-2022-22970\n  \u003c/summary\u003e\n\n### Vulnerable Library - **spring-core-4.3.30.RELEASE.jar**\n\nSpring Core\n\n**Library home page:** [ https://projects.spring.io/spring-framework ](https://projects.spring.io/spring-framework)\n\n**Path to dependency file:** /pom.xml\n\n**Path to vulnerable library:** /home/wss-scanner/.m2/repository/org/springframework/spring-core/4.3.30.RELEASE/spring-core-4.3.30.RELEASE.jar\n\n\n\n**Dependency Hierarchy:**\n\n\n- spring-context-4.3.30.RELEASE.jar (Root Library)\n    - spring-aop-4.3.30.RELEASE.jar\n        - spring-beans-4.3.30.RELEASE.jar\n            - ❌  **spring-core-4.3.30.RELEASE.jar** (Vulnerable Library)\n\n\n\n\n***\n\n### Reachability Analysis\nThe vulnerable code is unreachable\n***\n\n### Vulnerability Details\n\nIn spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.\n\n**Publish Date:** May 12, 2022 07:28 PM\n\n**URL:** [ CVE-2022-22970 ](https://www.mend.io/vulnerability-database/CVE-2022-22970)\n\n**Threat Assessment**\n\nExploit Maturity:Not Defined\n\nEPSS:\u003c 1%\n\n**Score:** 6.0\n\n\n***\n### Suggested Fix\n\n**Type:** Upgrade version\n\n**Origin:** https://github.com/advisories/GHSA-hh26-6xwr-ggv7\n\n**Release Date:** May 12, 2022 07:28 PM\n\n**Fix Resolution :** org.springframework:spring-beans:5.2.22.RELEASE,org.springframework:spring-beans:5.3.20\n\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n  \u003csummary\u003e\n 🟠CVE-2022-22970\n  \u003c/summary\u003e\n\n### Vulnerable Library - **spring-beans-4.3.30.RELEASE.jar**\n\nSpring Beans\n\n**Library home page:** [ https://projects.spring.io/spring-framework ](https://projects.spring.io/spring-framework)\n\n**Path to dependency file:** /pom.xml\n\n**Path to vulnerable library:** /home/wss-scanner/.m2/repository/org/springframework/spring-beans/4.3.30.RELEASE/spring-beans-4.3.30.RELEASE.jar\n\n\n\n**Dependency Hierarchy:**\n\n\n- spring-context-4.3.30.RELEASE.jar (Root Library)\n    - spring-aop-4.3.30.RELEASE.jar\n        - ❌  **spring-beans-4.3.30.RELEASE.jar** (Vulnerable Library)\n\n\n\n\n***\n\n### Reachability Analysis\nThe vulnerable code is unreachable\n***\n\n### Vulnerability Details\n\nIn spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.\n\n**Publish Date:** May 12, 2022 07:28 PM\n\n**URL:** [ CVE-2022-22970 ](https://www.mend.io/vulnerability-database/CVE-2022-22970)\n\n**Threat Assessment**\n\nExploit Maturity:Not Defined\n\nEPSS:\u003c 1%\n\n**Score:** 6.0\n\n\n***\n### Suggested Fix\n\n**Type:** Upgrade version\n\n**Origin:** https://github.com/advisories/GHSA-hh26-6xwr-ggv7\n\n**Release Date:** May 12, 2022 07:28 PM\n\n**Fix Resolution :** org.springframework:spring-beans:5.2.22.RELEASE,org.springframework:spring-beans:5.3.20\n\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n  \u003csummary\u003e\n 🟠CVE-2021-22060\n  \u003c/summary\u003e\n\n### Vulnerable Library - **spring-core-4.3.30.RELEASE.jar**\n\nSpring Core\n\n**Library home page:** [ https://projects.spring.io/spring-framework ](https://projects.spring.io/spring-framework)\n\n**Path to dependency file:** /pom.xml\n\n**Path to vulnerable library:** /home/wss-scanner/.m2/repository/org/springframework/spring-core/4.3.30.RELEASE/spring-core-4.3.30.RELEASE.jar\n\n\n\n**Dependency Hierarchy:**\n\n\n- spring-context-4.3.30.RELEASE.jar (Root Library)\n    - spring-aop-4.3.30.RELEASE.jar\n        - spring-beans-4.3.30.RELEASE.jar\n            - ❌  **spring-core-4.3.30.RELEASE.jar** (Vulnerable Library)\n\n\n\n\n***\n\n### Reachability Analysis\nThis vulnerability is potentially reachable:\n\n```\n- org.owasp.benchmark.helpers.DataBaseServer (Application)\n    - org.springframework.http.ResponseEntity (Extension)\n        - org.springframework.http.HttpHeaders (Extension)\n            - org.springframework.http.HttpRange (Extension)\n                - org.springframework.core.io.InputStreamResource (Extension)\n                    - org.springframework.core.io.AbstractResource (Extension)\n                        - org.springframework.util.ResourceUtils (Extension)\n                            - org.springframework.util.ClassUtils (Extension)\n                                - org.springframework.util.ReflectionUtils (Extension)\n                                    - org.springframework.util.ConcurrentReferenceHashMap (Extension)\n                                        -\u003e ❌ org.springframework.util.ConcurrentReferenceHashMap$Task (Vulnerable Component)\n```\n***\n\n### Vulnerability Details\n\nIn Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.\n\n**Publish Date:** Jan 07, 2022 10:39 PM\n\n**URL:** [ CVE-2021-22060 ](https://www.mend.io/vulnerability-database/CVE-2021-22060)\n\n**Threat Assessment**\n\nExploit Maturity:Not Defined\n\nEPSS:\u003c 1%\n\n**Score:** 5.3\n\n\n***\n### Suggested Fix\n\n**Type:** Upgrade version\n\n**Origin:** https://github.com/advisories/GHSA-6gf2-pvqw-37ph\n\n**Release Date:** Jan 07, 2022 10:39 PM\n\n**Fix Resolution :** org.springframework:spring-core:5.3.14\n\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n  \u003csummary\u003e\n 🟠CVE-2021-22096\n  \u003c/summary\u003e\n\n### Vulnerable Library - **spring-core-4.3.30.RELEASE.jar**\n\nSpring Core\n\n**Library home page:** [ https://projects.spring.io/spring-framework ](https://projects.spring.io/spring-framework)\n\n**Path to dependency file:** /pom.xml\n\n**Path to vulnerable library:** /home/wss-scanner/.m2/repository/org/springframework/spring-core/4.3.30.RELEASE/spring-core-4.3.30.RELEASE.jar\n\n\n\n**Dependency Hierarchy:**\n\n\n- spring-context-4.3.30.RELEASE.jar (Root Library)\n    - spring-aop-4.3.30.RELEASE.jar\n        - spring-beans-4.3.30.RELEASE.jar\n            - ❌  **spring-core-4.3.30.RELEASE.jar** (Vulnerable Library)\n\n\n\n\n***\n\n### Reachability Analysis\nThis vulnerability is potentially reachable:\n\n```\n- org.owasp.benchmark.helpers.DataBaseServer (Application)\n    - org.springframework.http.ResponseEntity (Extension)\n        - org.springframework.http.ResponseEntity$BodyBuilder (Extension)\n            - org.springframework.http.MediaType (Extension)\n                -\u003e ❌ org.springframework.util.MimeType (Vulnerable Component)\n```\n***\n\n### Vulnerability Details\n\nIn Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.\n\n**Publish Date:** Oct 28, 2021 03:22 PM\n\n**URL:** [ CVE-2021-22096 ](https://www.mend.io/vulnerability-database/CVE-2021-22096)\n\n**Threat Assessment**\n\nExploit Maturity:Not Defined\n\nEPSS:\u003c 1%\n\n**Score:** 5.3\n\n\n***\n### Suggested Fix\n\n**Type:** Upgrade version\n\n**Origin:** \n\n**Release Date:** \n\n**Fix Resolution :** \n\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n  \u003csummary\u003e\n 🟡CVE-2024-38820\n  \u003c/summary\u003e\n\n### Vulnerable Library - **spring-core-4.3.30.RELEASE.jar**\n\nSpring Core\n\n**Library home page:** [ https://projects.spring.io/spring-framework ](https://projects.spring.io/spring-framework)\n\n**Path to dependency file:** /pom.xml\n\n**Path to vulnerable library:** /home/wss-scanner/.m2/repository/org/springframework/spring-core/4.3.30.RELEASE/spring-core-4.3.30.RELEASE.jar\n\n\n\n**Dependency Hierarchy:**\n\n\n- spring-context-4.3.30.RELEASE.jar (Root Library)\n    - spring-aop-4.3.30.RELEASE.jar\n        - spring-beans-4.3.30.RELEASE.jar\n            - ❌  **spring-core-4.3.30.RELEASE.jar** (Vulnerable Library)\n\n\n\n\n***\n\n### Vulnerability Details\n\nThe fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.\n\n**Publish Date:** Oct 18, 2024 05:39 AM\n\n**URL:** [ CVE-2024-38820 ](https://www.mend.io/vulnerability-database/CVE-2024-38820)\n\n**Threat Assessment**\n\nExploit Maturity:Not Defined\n\nEPSS:\u003c 1%\n\n**Score:** 2.3\n\n\n***\n### Suggested Fix\n\n**Type:** Upgrade version\n\n**Origin:** https://github.com/advisories/GHSA-4gc7-5j7h-4qph\n\n**Release Date:** Oct 18, 2024 05:39 AM\n\n**Fix Resolution :** org.springframework:spring-context:6.1.14\n\n\n\u003c/details\u003e\n\n[comment]: \u003c\u003e (\u003cMEND_ISSUE_METADATA\u003e{\"identifier\":\"spring-context-4.3.30.RELEASE.jar\",\"repoName\":\"BenchmarkJava\",\"branchName\":\"master\",\"type\":\"SCA_DEP\"}\u003c/MEND_ISSUE_METADATA\u003e)","author":{"url":"https://github.com/mend-developer-platform-dev[bot]","@type":"Person","name":"mend-developer-platform-dev[bot]"},"datePublished":"2025-09-28T05:43:41.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":0},"url":"https://github.com/38/BenchmarkJava/issues/38"}

route-pattern/_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format)
route-controllervoltron_issues_fragments
route-actionissue_layout
fetch-noncev2:abf1e4d1-3048-002e-ca4e-4f955706e585
current-catalog-service-hash81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114
request-idAF4E:2F87BF:9D04D6:D6B374:6A5201D3
html-safe-nonce2ec207dacc052d517823c131e29d2b02a4d2757d7cd3a71210c369d9f99dd424
visitor-payloadeyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJBRjRFOjJGODdCRjo5RDA0RDY6RDZCMzc0OjZBNTIwMUQzIiwidmlzaXRvcl9pZCI6IjIyNTg1Mzg2NzgxNTk5MzgxMSIsInJlZ2lvbl9lZGdlIjoiaWFkIiwicmVnaW9uX3JlbmRlciI6ImlhZCJ9
visitor-hmac9a4e2f50d248a4d0581ff09f110490770f5b87b1399fad29f9b0b4aae5aa04e6
hovercard-subject-tagissue:3461119539
github-keyboard-shortcutsrepository,issues,copilot
google-site-verificationApib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I
octolytics-urlhttps://collector.github.com/github/collect
analytics-location///voltron/issues_fragments/issue_layout
fb:app_id1401488693436528
apple-itunes-appapp-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/amaybaum-dev/BenchmarkJava/38/issue_layout
twitter:imagehttps://opengraph.githubassets.com/e71663ce22209f084aec61b46307a353cbe1d678a930060ed13d73785184568e/amaybaum-dev/BenchmarkJava/issues/38
twitter:cardsummary_large_image
og:imagehttps://opengraph.githubassets.com/e71663ce22209f084aec61b46307a353cbe1d678a930060ed13d73785184568e/amaybaum-dev/BenchmarkJava/issues/38
og:image:alt📂 Vulnerable Library - spring-context-4.3.30.RELEASE.jar Spring Context Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-con...
og:image:width1200
og:image:height600
og:site_nameGitHub
og:typeobject
og:author:usernamemend-developer-platform-dev[bot]
hostnamegithub.com
expected-hostnamegithub.com
Noneb9a586c06a05a7a86fc7e3f4dbd03e42f6869085879aa184aa6369456dbd50fb
turbo-cache-controlno-preview
go-importgithub.com/amaybaum-dev/BenchmarkJava git https://github.com/amaybaum-dev/BenchmarkJava.git
octolytics-dimension-user_id29013484
octolytics-dimension-user_loginamaybaum-dev
octolytics-dimension-repository_id619308890
octolytics-dimension-repository_nwoamaybaum-dev/BenchmarkJava
octolytics-dimension-repository_publictrue
octolytics-dimension-repository_is_forktrue
octolytics-dimension-repository_parent_id33565372
octolytics-dimension-repository_parent_nwoOWASP-Benchmark/BenchmarkJava
octolytics-dimension-repository_network_root_id33565372
octolytics-dimension-repository_network_root_nwoOWASP-Benchmark/BenchmarkJava
turbo-body-classeslogged-out env-production page-responsive
disable-turbofalse
browser-stats-urlhttps://api.github.com/_private/browser/stats
browser-errors-urlhttps://api.github.com/_private/browser/errors
release7aed05249554b889eb33d002851a973eebcc7e91
ui-targetfull
theme-color#1e2327
color-schemelight dark

Links:

Skip to contenthttps://github.com/amaybaum-dev/BenchmarkJava/issues/38#start-of-content
https://github.com/
Sign in https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Famaybaum-dev%2FBenchmarkJava%2Fissues%2F38
GitHub CopilotWrite better code with AIhttps://github.com/features/copilot
GitHub Copilot appDirect agents from issue to mergehttps://github.com/features/ai/github-app
MCP RegistryNewIntegrate external toolshttps://github.com/mcp
ActionsAutomate any workflowhttps://github.com/features/actions
CodespacesInstant dev environmentshttps://github.com/features/codespaces
IssuesPlan and track workhttps://github.com/features/issues
Code ReviewManage code changeshttps://github.com/features/code-review
GitHub Advanced SecurityFind and fix vulnerabilitieshttps://github.com/security/advanced-security
Code securitySecure your code as you buildhttps://github.com/security/advanced-security/code-security
Secret protectionStop leaks before they starthttps://github.com/security/advanced-security/secret-protection
Why GitHubhttps://github.com/why-github
Documentationhttps://docs.github.com
Bloghttps://github.blog
Changeloghttps://github.blog/changelog
Marketplacehttps://github.com/marketplace
View all featureshttps://github.com/features
Enterpriseshttps://github.com/enterprise
Small and medium teamshttps://github.com/team
Startupshttps://github.com/enterprise/startups
Nonprofitshttps://github.com/solutions/industry/nonprofits
App Modernizationhttps://github.com/solutions/use-case/app-modernization
DevSecOpshttps://github.com/solutions/use-case/devsecops
DevOpshttps://github.com/solutions/use-case/devops
CI/CDhttps://github.com/solutions/use-case/ci-cd
View all use caseshttps://github.com/solutions/use-case
Healthcarehttps://github.com/solutions/industry/healthcare
Financial serviceshttps://github.com/solutions/industry/financial-services
Manufacturinghttps://github.com/solutions/industry/manufacturing
Governmenthttps://github.com/solutions/industry/government
View all industrieshttps://github.com/solutions/industry
View all solutionshttps://github.com/solutions
AIhttps://github.com/resources/articles?topic=ai
Software Developmenthttps://github.com/resources/articles?topic=software-development
DevOpshttps://github.com/resources/articles?topic=devops
Securityhttps://github.com/resources/articles?topic=security
View all topicshttps://github.com/resources/articles
Customer storieshttps://github.com/customer-stories
Events & webinarshttps://github.com/resources/events
Ebooks & reportshttps://github.com/resources/whitepapers
Business insightshttps://github.com/solutions/executive-insights
GitHub Skillshttps://skills.github.com
Documentationhttps://docs.github.com
Customer supporthttps://support.github.com
Community forumhttps://github.com/orgs/community/discussions
Trust centerhttps://github.com/trust-center
Partnershttps://github.com/partners
View all resourceshttps://github.com/resources
GitHub SponsorsFund open source developershttps://github.com/open-source/sponsors
Security Labhttps://securitylab.github.com
Maintainer Communityhttps://maintainers.github.com
Acceleratorhttps://github.com/open-source/accelerator
GitHub Starshttps://stars.github.com
Archive Programhttps://archiveprogram.github.com
Topicshttps://github.com/topics
Trendinghttps://github.com/trending
Collectionshttps://github.com/collections
Enterprise platformAI-powered developer platformhttps://github.com/enterprise
GitHub Advanced SecurityEnterprise-grade security featureshttps://github.com/security/advanced-security
Copilot for BusinessEnterprise-grade AI featureshttps://github.com/features/copilot/copilot-business
Premium SupportEnterprise-grade 24/7 supporthttps://github.com/enterprise/premium-support
Pricinghttps://github.com/pricing
Search syntax tipshttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
documentationhttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
Sign in https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Famaybaum-dev%2FBenchmarkJava%2Fissues%2F38
Sign up https://github.com/signup?ref_cta=Sign+up&ref_loc=header+logged+out&ref_page=%2F%3Cuser-name%3E%2F%3Crepo-name%3E%2Fvoltron%2Fissues_fragments%2Fissue_layout&source=header-repo&source_repo=amaybaum-dev%2FBenchmarkJava
Reloadhttps://github.com/amaybaum-dev/BenchmarkJava/issues/38
Reloadhttps://github.com/amaybaum-dev/BenchmarkJava/issues/38
Reloadhttps://github.com/amaybaum-dev/BenchmarkJava/issues/38
Please reload this pagehttps://github.com/amaybaum-dev/BenchmarkJava/issues/38
amaybaum-dev https://github.com/amaybaum-dev
BenchmarkJavahttps://github.com/amaybaum-dev/BenchmarkJava
OWASP-Benchmark/BenchmarkJavahttps://github.com/OWASP-Benchmark/BenchmarkJava
Notifications https://github.com/login?return_to=%2Famaybaum-dev%2FBenchmarkJava
Fork 0 https://github.com/login?return_to=%2Famaybaum-dev%2FBenchmarkJava
Star 0 https://github.com/login?return_to=%2Famaybaum-dev%2FBenchmarkJava
Code https://github.com/amaybaum-dev/BenchmarkJava
Issues 24 https://github.com/amaybaum-dev/BenchmarkJava/issues
Pull requests 9 https://github.com/amaybaum-dev/BenchmarkJava/pulls
Actions https://github.com/amaybaum-dev/BenchmarkJava/actions
Projects https://github.com/amaybaum-dev/BenchmarkJava/projects
Security and quality 0 https://github.com/amaybaum-dev/BenchmarkJava/security
Insights https://github.com/amaybaum-dev/BenchmarkJava/pulse
Code https://github.com/amaybaum-dev/BenchmarkJava
Issues https://github.com/amaybaum-dev/BenchmarkJava/issues
Pull requests https://github.com/amaybaum-dev/BenchmarkJava/pulls
Actions https://github.com/amaybaum-dev/BenchmarkJava/actions
Projects https://github.com/amaybaum-dev/BenchmarkJava/projects
Security and quality https://github.com/amaybaum-dev/BenchmarkJava/security
Insights https://github.com/amaybaum-dev/BenchmarkJava/pulse
spring-context-4.3.30.RELEASE.jar: 12 vulnerabilities (highest severity is: 9.3) [master] (reachable)https://github.com/amaybaum-dev/BenchmarkJava/issues/38#top
https://github.com/apps/mend-developer-platform-dev
mend-developer-platform-devhttps://github.com/apps/mend-developer-platform-dev
on Sep 28, 2025https://github.com/amaybaum-dev/BenchmarkJava/issues/38#issue-3461119539
CVE-2022-22965 https://www.mend.io/vulnerability-database/CVE-2022-22965
https://camo.githubusercontent.com/0d8454821575ec09d0c178651af426207e03ce995984bd236a02b2fcb856002e/68747470733a2f2f7768697465736f757263652d7265736f75726365732e7768697465736f75726365736f6674776172652e636f6d2f766961477265656e2e706e67
CVE-2018-1271 https://www.mend.io/vulnerability-database/CVE-2018-1271
CVE-2018-1257 https://www.mend.io/vulnerability-database/CVE-2018-1257
CVE-2022-22950 https://www.mend.io/vulnerability-database/CVE-2022-22950
https://camo.githubusercontent.com/0d8454821575ec09d0c178651af426207e03ce995984bd236a02b2fcb856002e/68747470733a2f2f7768697465736f757263652d7265736f75726365732e7768697465736f75726365736f6674776172652e636f6d2f766961477265656e2e706e67
CVE-2023-20861 https://www.mend.io/vulnerability-database/CVE-2023-20861
https://camo.githubusercontent.com/0d8454821575ec09d0c178651af426207e03ce995984bd236a02b2fcb856002e/68747470733a2f2f7768697465736f757263652d7265736f75726365732e7768697465736f75726365736f6674776172652e636f6d2f766961477265656e2e706e67
CVE-2023-20863 https://www.mend.io/vulnerability-database/CVE-2023-20863
https://camo.githubusercontent.com/0d8454821575ec09d0c178651af426207e03ce995984bd236a02b2fcb856002e/68747470733a2f2f7768697465736f757263652d7265736f75726365732e7768697465736f75726365736f6674776172652e636f6d2f766961477265656e2e706e67
CVE-2022-22968 https://www.mend.io/vulnerability-database/CVE-2022-22968
https://camo.githubusercontent.com/0d8454821575ec09d0c178651af426207e03ce995984bd236a02b2fcb856002e/68747470733a2f2f7768697465736f757263652d7265736f75726365732e7768697465736f75726365736f6674776172652e636f6d2f766961477265656e2e706e67
CVE-2022-22970 https://www.mend.io/vulnerability-database/CVE-2022-22970
https://camo.githubusercontent.com/0d8454821575ec09d0c178651af426207e03ce995984bd236a02b2fcb856002e/68747470733a2f2f7768697465736f757263652d7265736f75726365732e7768697465736f75726365736f6674776172652e636f6d2f766961477265656e2e706e67
CVE-2022-22970 https://www.mend.io/vulnerability-database/CVE-2022-22970
https://camo.githubusercontent.com/0d8454821575ec09d0c178651af426207e03ce995984bd236a02b2fcb856002e/68747470733a2f2f7768697465736f757263652d7265736f75726365732e7768697465736f75726365736f6674776172652e636f6d2f766961477265656e2e706e67
CVE-2021-22060 https://www.mend.io/vulnerability-database/CVE-2021-22060
https://camo.githubusercontent.com/275a4487400571fbc1241101dbe0e5e29fe288995ada2ab7d7f3ffa1f12e8367/68747470733a2f2f7768697465736f757263652d7265736f75726365732e7768697465736f75726365736f6674776172652e636f6d2f7669615265642e706e67
CVE-2021-22096 https://www.mend.io/vulnerability-database/CVE-2021-22096
https://camo.githubusercontent.com/275a4487400571fbc1241101dbe0e5e29fe288995ada2ab7d7f3ffa1f12e8367/68747470733a2f2f7768697465736f757263652d7265736f75726365732e7768697465736f75726365736f6674776172652e636f6d2f7669615265642e706e67
CVE-2024-38820 https://www.mend.io/vulnerability-database/CVE-2024-38820
CVE-2022-22965https://github.com/advisories/GHSA-36p3-wjmg-h94x
https://projects.spring.io/spring-framework https://projects.spring.io/spring-framework
CVE-2022-22965 https://www.mend.io/vulnerability-database/CVE-2022-22965
GHSA-36p3-wjmg-h94xhttps://github.com/advisories/GHSA-36p3-wjmg-h94x
CVE-2018-1271https://github.com/advisories/GHSA-g8hw-794c-4j9g
https://projects.spring.io/spring-framework https://projects.spring.io/spring-framework
CVE-2018-1271 https://www.mend.io/vulnerability-database/CVE-2018-1271
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1271https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1271
CVE-2018-1257https://github.com/advisories/GHSA-rcpf-vj53-7h2m
https://projects.spring.io/spring-framework https://projects.spring.io/spring-framework
CVE-2018-1257 https://www.mend.io/vulnerability-database/CVE-2018-1257
https://nvd.nist.gov/vuln/detail/CVE-2018-1257https://nvd.nist.gov/vuln/detail/CVE-2018-1257
CVE-2022-22950https://github.com/advisories/GHSA-558x-2xjg-6232
https://projects.spring.io/spring-framework https://projects.spring.io/spring-framework
CVE-2022-22950 https://www.mend.io/vulnerability-database/CVE-2022-22950
GHSA-558x-2xjg-6232https://github.com/advisories/GHSA-558x-2xjg-6232
CVE-2023-20861https://github.com/advisories/GHSA-564r-hj7v-mcr5
https://projects.spring.io/spring-framework https://projects.spring.io/spring-framework
CVE-2023-20861 https://www.mend.io/vulnerability-database/CVE-2023-20861
GHSA-564r-hj7v-mcr5https://github.com/advisories/GHSA-564r-hj7v-mcr5
CVE-2023-20863https://github.com/advisories/GHSA-wxqc-pxw9-g2p8
https://projects.spring.io/spring-framework https://projects.spring.io/spring-framework
CVE-2023-20863 https://www.mend.io/vulnerability-database/CVE-2023-20863
GHSA-wxqc-pxw9-g2p8https://github.com/advisories/GHSA-wxqc-pxw9-g2p8
CVE-2022-22968https://github.com/advisories/GHSA-g5mm-vmx4-3rg7
https://projects.spring.io/spring-framework https://projects.spring.io/spring-framework
CVE-2022-22968 https://www.mend.io/vulnerability-database/CVE-2022-22968
GHSA-g5mm-vmx4-3rg7https://github.com/advisories/GHSA-g5mm-vmx4-3rg7
CVE-2022-22970https://github.com/advisories/GHSA-hh26-6xwr-ggv7
https://projects.spring.io/spring-framework https://projects.spring.io/spring-framework
CVE-2022-22970 https://www.mend.io/vulnerability-database/CVE-2022-22970
GHSA-hh26-6xwr-ggv7https://github.com/advisories/GHSA-hh26-6xwr-ggv7
CVE-2022-22970https://github.com/advisories/GHSA-hh26-6xwr-ggv7
https://projects.spring.io/spring-framework https://projects.spring.io/spring-framework
CVE-2022-22970 https://www.mend.io/vulnerability-database/CVE-2022-22970
GHSA-hh26-6xwr-ggv7https://github.com/advisories/GHSA-hh26-6xwr-ggv7
CVE-2021-22060https://github.com/advisories/GHSA-6gf2-pvqw-37ph
https://projects.spring.io/spring-framework https://projects.spring.io/spring-framework
CVE-2021-22096https://github.com/advisories/GHSA-rfmp-97jj-h8m6
CVE-2021-22060 https://www.mend.io/vulnerability-database/CVE-2021-22060
GHSA-6gf2-pvqw-37phhttps://github.com/advisories/GHSA-6gf2-pvqw-37ph
CVE-2021-22096https://github.com/advisories/GHSA-rfmp-97jj-h8m6
https://projects.spring.io/spring-framework https://projects.spring.io/spring-framework
CVE-2021-22096 https://www.mend.io/vulnerability-database/CVE-2021-22096
CVE-2024-38820https://github.com/advisories/GHSA-4gc7-5j7h-4qph
https://projects.spring.io/spring-framework https://projects.spring.io/spring-framework
CVE-2022-22968https://github.com/advisories/GHSA-g5mm-vmx4-3rg7
CVE-2024-38820 https://www.mend.io/vulnerability-database/CVE-2024-38820
GHSA-4gc7-5j7h-4qphhttps://github.com/advisories/GHSA-4gc7-5j7h-4qph
https://github.com
Termshttps://docs.github.com/site-policy/github-terms/github-terms-of-service
Privacyhttps://docs.github.com/site-policy/privacy-policies/github-privacy-statement
Securityhttps://github.com/security
Statushttps://www.githubstatus.com/
Communityhttps://github.community/
Docshttps://docs.github.com/
Contacthttps://support.github.com?tags=dotcom-footer

Viewport: width=device-width


URLs of crawlers that visited me.