CVE-2018-1273: RCE with Spring Data Commons

CRITICAL | APRIL 10, 2018 | CVE-2018-1273
Credit: This issue was identified and responsibly reported by Philippe Arteau, GoSecure Inc. References: https://jira.spring.io/browse/DATACMNS-1282 https://github.com/spring-projects/spring-data…

CVE-2018-1274: Denial of Service with Spring Data

CRITICAL | APRIL 10, 2018 | CVE-2018-1274
Credit: This issue was identified and responsibly reported by Yevhenii Hrushka (Yevgeniy Grushka), Fortify Webinspect. References: https://jira.spring.io/browse/DATACMNS-1285 https://github.com/spring…

CVE-2018-1275: Address partial fix for CVE-2018-1270

CRITICAL | APRIL 09, 2018 | CVE-2018-1275
Credit: This original issue CVE-2018-1270 was identified and responsibly reported by Alvaro Muñoz (@pwntester), Micro Focus Fortify. The subsequent CVE-2018-1275 partial fix was identified and…

CVE-2018-1229: Stored XSS in file upload of Spring Batch Admin

LOW | MARCH 16, 2018 | CVE-2018-1229
Credit: This vulnerability was responsibly reported by Wen Bin Kong. References: https://docs.spring.io/spring-batch-admin https://github.com/spring-projects/spring-batch-admin/blob/master/MIGRATION.md…
