Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Spring by VMware — Vulnerabilities & Security Advisories 10

Browse all 10 CVE security advisories affecting Spring by VMware. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Spring by VMware is a popular Java framework for building enterprise applications, primarily used for creating robust, scalable web services and microservices. Historically, it has been susceptible to various vulnerability classes, including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation, often stemming from misconfigurations or insecure default settings. The framework's extensive ecosystem and widespread adoption have made it a target for attackers, with notable incidents including vulnerabilities in Spring Security and Spring Cloud Function that allowed unauthorized access or RCE. While VMware actively addresses these issues through patches, the 10 CVEs on record highlight the importance of proper configuration and timely updates for secure deployment.

Top products by Spring by VMware: Spring Cloud Config Spring Security Spring Batch Spring Cloud Netflix Spring Integration Spring Framework Spring Cloud Data Flow Spring Cloud Task
CVE IDTitleCVSSSeverityPublished
CVE-2020-5427 Possibility of SQL Injection in Spring Cloud Data Flow Task Execution Sorting Query — Spring Cloud Data FlowCWE-89 7.2 -2021-01-27
CVE-2020-5428 Possibility of SQL Injection in Spring Cloud Task Execution Sorting Query — Spring Cloud TaskCWE-89 6.7 -2021-01-27
CVE-2020-5421 RFD Protection Bypass via jsessionid — Spring Framework 7.9 -2020-09-19
CVE-2020-5412 Hystrix Dashboard Proxy In spring-cloud-netflix-hystrix-dashboard — Spring Cloud NetflixCWE-441 6.5 -2020-08-07
CVE-2020-5413 Kryo Configuration Allows Code Execution with Unknown "Serialization Gadgets" — Spring IntegrationCWE-502 9.8 -2020-07-31
CVE-2020-5411 Jackson Configuration Allows Code Execution with Unknown "Serialization Gadgets" — Spring BatchCWE-502 9.8 -2020-06-11
CVE-2020-5410 Directory Traversal with spring-cloud-config-server — Spring Cloud ConfigCWE-23 6.5 -2020-06-02
CVE-2020-5408 Dictionary attack with Spring Security queryable text encryptor — Spring SecurityCWE-329 4.3 -2020-05-14
CVE-2020-5407 Signature Wrapping Vulnerability with spring-security-saml2-service-provider — Spring SecurityCWE-347 8.1 -2020-05-13
CVE-2020-5405 Directory Traversal with spring-cloud-config-server — Spring Cloud ConfigCWE-23 6.5 -2020-03-05

This page lists every published CVE security advisory associated with Spring by VMware. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.