Vmware Spring_framework
15 CVEs affecting Vmware Spring_framework. Latest disclosed: 2026-04-29. Critical: 1, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2015-5211 | Critical | 9.6 | 2017-05-25 | Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Do… |
CVE-2014-0225 | High | 8.8 | 2017-05-25 | When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by… |
CVE-2016-5007 | High | 7.5 | 2017-05-25 | Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping req… |
CVE-2016-9878 | High | 7.5 | 2016-12-29 | An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not p… |
CVE-2026-22740 | Medium | 6.5 | 2026-04-29 | A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain n… |
CVE-2015-3192 | Medium | 5.5 | 2016-07-12 | Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows rem… |
CVE-2026-22745 | Medium | 5.3 | 2026-04-29 | Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources. More precisely, an application can be vulner… |
CVE-2026-22741 | Low | 3.1 | 2026-04-29 | Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be vulnerable when… |
CVE-2015-0201 | | 2015-03-10 | The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to othe… | |
CVE-2014-3625 | | 2014-11-20 | Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attac… | |
CVE-2014-0054 | | 2014-04-17 | The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, whi… | |
CVE-2013-6429 | | 2014-01-26 | The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which… | |
CVE-2013-7315 | | 2014-01-23 | The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which a… | |
CVE-2013-4152 | | 2014-01-23 | The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-… | |
CVE-2011-2894 | | 2011-10-04 | Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrust… |