VYPR

Maven package

org.springframework.boot/spring-boot-starter-web

pkg:maven/org.springframework.boot/spring-boot-starter-web

Vulnerabilities (1)

  • CVE-2022-22965KEVApr 1, 2022
    affected < 2.5.12fixed 2.5.12

    A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e.