Browse all 9 CVE security advisories affecting Spring by Pivotal. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Spring is an open-source Java framework primarily used for building enterprise applications. Historically, it has been vulnerable to remote code execution, cross-site scripting, and privilege escalation flaws, often through misconfigurations or insecure default settings. The framework's extensive ecosystem and widespread adoption have made it a target for attackers. Notable security characteristics include its dependency on third-party libraries and frequent security updates. While no major incidents have been widely documented, the 9 CVEs on record highlight potential risks, particularly in versions prior to recent security hardening efforts. Proper configuration and timely patching remain critical for secure deployment.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2018-15801 | Authorization Bypass During JWT Issuer Validation with spring-security — Spring Security | 7.4 | - | 2018-12-19 |
| CVE-2018-1274 | Spring Data Commons 安全漏洞 — Spring Framework | 7.5 | - | 2018-04-18 |
| CVE-2018-1273 | Pivotal Software Spring Data Commons和Spring Data REST 输入验证错误漏洞 — Spring FrameworkCWE-94 | 9.8 | - | 2018-04-11 |
| CVE-2018-1275 | Pivotal Spring Framework 安全漏洞 — Spring FrameworkCWE-94 | 9.8 | - | 2018-04-11 |
| CVE-2018-1270 | Pivotal Software Spring Framework 代码注入漏洞 — Spring FrameworkCWE-94 | 9.8 | - | 2018-04-06 |
| CVE-2018-1271 | Pivotal Spring Framework 路径遍历漏洞 — Spring FrameworkCWE-22 | 5.9 | - | 2018-04-06 |
| CVE-2018-1272 | Pivotal Spring Framework 权限许可和访问控制问题漏洞 — Spring Framework | 6.8 | - | 2018-04-06 |
| CVE-2018-1229 | Pivotal Spring Batch Admin 跨站脚本漏洞 — Spring Batch AdminCWE-79 | 6.1 | - | 2018-03-21 |
| CVE-2018-1230 | Pivotal Spring Batch Admin 跨站请求伪造漏洞 — Spring Batch AdminCWE-352 | 8.8 | - | 2018-03-21 |
This page lists every published CVE security advisory associated with Spring by Pivotal. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.