VYPR

Spring Boot

by Spring Projects

CVEs (6)

  • CVE-2025-22235 | High | Apr 28, 2025
    risk 0.47 | cvss 7.3 | epss 0.00

    EndpointRequest.to() creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected by this if all the following conditions are met: * You use Spring Security * …

  • CVE-2024-38807 | Medium | Aug 23, 2024
    risk 0.41 | cvss 6.3 | epss 0.00

    Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed…

  • CVE-2026-41001 | Medium | Jun 11, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    Spring Boot's ArtemisEmbeddedConfigurationFactory uses a fixed, static path for the embedded Artemis message broker's data directory when no explicit path is configured. A local attacker on the same host can pre-create this predictable directory or place a symlink before the…

  • CVE-2023-34055 | Nov 28, 2023
    risk 0.00 | cvss | epss 0.01

    In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * …

  • CVE-2023-20873 | Apr 20, 2023
    risk 0.00 | cvss | epss 0.01

    In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to…

  • CVE-2019-3797 | May 6, 2019
    risk 0.00 | cvss | epss 0.01

    This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more results than anticipated when a maliciously crafted query parameter…