Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NVMware Spring Framework
APPVmware5.3.0 – 5.3.49 (bez)6.1.0 – 6.1.28 (bez)6.2.0 – 6.2.19 (bez)7.0.0 – 7.0.8 (bez)
Related vulnerabilities
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) ...
An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a cr...
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for...
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions,...
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions,...