Maven package
org.springframework/spring-messaging
pkg:maven/org.springframework/spring-messaging
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-22971 | — | | | >= 5.3.0, < 5.3.20 | 5.3.20 | May 12, 2022 | In Spring Framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, an application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user. |
| CVE-2018-1275 | — | | | < 4.3.16.RELEASE | 4.3.16.RELEASE | Apr 11, 2018 | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can |
| CVE-2018-1270 | — | | | >= 5.0.0.RELEASE, < 5.0.5.RELEASE | 5.0.5.RELEASE | Apr 6, 2018 | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can |