VMware Spring Framework 6.0.15

CPE Details

VMware Spring Framework 6.0.15
vmware
spring_framework
6.0.15
2024-02-03
00h39 +00:00
2024-02-03
00h39 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:vmware:spring_framework:6.0.15:*:*:*:*:*:*:*

Informations

Vendor

vmware

Product

spring_framework

Version

6.0.15

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-38820 2024-10-18 05h39 +00:00 The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
5.3
Moyen
CVE-2024-22233 2024-01-22 12h16 +00:00 In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC * Spring Security 6.1.6+ or 6.2.1+ is on the classpath Typically, Spring Boot applications need the org.springframework.boot:spring-boot-starter-web and org.springframework.boot:spring-boot-starter-security dependencies to meet all conditions.
7.5
Haute
CVE-2023-44794 2023-10-24 22h00 +00:00 An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL.
9.8
Critique