VYPR
Medium severity6.5NVD Advisory· Published May 11, 2018· Updated Jun 17, 2026

CVE-2018-1257

CVE-2018-1257

Description

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.springframework:spring-coreMaven
>= 5.0.0, < 5.0.65.0.6
org.springframework:spring-coreMaven
< 4.3.174.3.17

Affected products

2

Patches

Vulnerability mechanics

References

15

News mentions

0

No linked articles in our index yet.