spring-context-4.3.30.RELEASE.jar: 12 vulnerabilities (highest severity is: 9.3) [master] (reachable) #38
Description
📂 Vulnerable Library - spring-context-4.3.30.RELEASE.jar
Spring Context
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-context/4.3.30.RELEASE/spring-context-4.3.30.RELEASE.jar
Findings
| Finding | Severity | 🎯 CVSS | Exploit Maturity | EPSS | Library | Type | Fixed in | Remediation Available | Reachability |
|---|---|---|---|---|---|---|---|---|---|
| CVE-2022-22965 | 🟣 Critical | 9.3 | High | 94.4% | spring-beans-4.3.30.RELEASE.jar | Transitive | N/A | ❌ |  Unreachable |
| CVE-2018-1271 | 🔴 High | 8.2 | Not Defined | 91.2% | spring-core-4.3.30.RELEASE.jar | Transitive | N/A | ❌ | |
| CVE-2018-1257 | 🔴 High | 7.1 | Not Defined | 1.8% | spring-core-4.3.30.RELEASE.jar | Transitive | N/A | ❌ | |
| CVE-2022-22950 | 🔴 High | 7.1 | Not Defined | 4.1% | spring-expression-4.3.30.RELEASE.jar | Transitive | N/A | ❌ | Unreachable |
| CVE-2023-20861 | 🔴 High | 7.1 | Not Defined | < 1% | spring-expression-4.3.30.RELEASE.jar | Transitive | N/A | ❌ | Unreachable |
| CVE-2023-20863 | 🔴 High | 7.1 | Not Defined | < 1% | spring-expression-4.3.30.RELEASE.jar | Transitive | N/A | ❌ | Unreachable |
| CVE-2022-22968 | 🟠 Medium | 6.9 | Not Defined | 16.2% | spring-context-4.3.30.RELEASE.jar | Direct | org.springframework:spring-context:5.2.21.RELEASE,org.springframework:spring-context:5.3.19 | ✅ | Unreachable |
| CVE-2022-22970 | 🟠 Medium | 6.0 | Not Defined | < 1% | spring-core-4.3.30.RELEASE.jar | Transitive | N/A | ❌ | Unreachable |
| CVE-2022-22970 | 🟠 Medium | 6.0 | Not Defined | < 1% | spring-beans-4.3.30.RELEASE.jar | Transitive | N/A | ❌ | Unreachable |
| CVE-2021-22060 | 🟠 Medium | 5.3 | Not Defined | < 1% | spring-core-4.3.30.RELEASE.jar | Transitive | N/A | ❌ |  Reachable |
| CVE-2021-22096 | 🟠 Medium | 5.3 | Not Defined | < 1% | spring-core-4.3.30.RELEASE.jar | Transitive | N/A | ❌ | Reachable |
| CVE-2024-38820 | 🟡 Low | 2.3 | Not Defined | < 1% | spring-core-4.3.30.RELEASE.jar | Transitive | N/A | ❌ |
Details
🟣CVE-2022-22965
Vulnerable Library - spring-beans-4.3.30.RELEASE.jar
Spring Beans
Library home page: https://projects.spring.io/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-beans/4.3.30.RELEASE/spring-beans-4.3.30.RELEASE.jar
Dependency Hierarchy:
- spring-context-4.3.30.RELEASE.jar (Root Library)
- spring-aop-4.3.30.RELEASE.jar
- ❌ spring-beans-4.3.30.RELEASE.jar (Vulnerable Library)
- spring-aop-4.3.30.RELEASE.jar
Reachability Analysis
The vulnerable code is unreachable
Vulnerability Details
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. Converted from WS-2022-0107, on 2022-11-07.
Publish Date: Apr 01, 2022 10:17 PM
URL: CVE-2022-22965
Threat Assessment
Exploit Maturity:High
EPSS:94.4%
Score: 9.3
Suggested Fix
Type: Upgrade version
Origin: GHSA-36p3-wjmg-h94x
Release Date: Apr 01, 2022 10:17 PM
Fix Resolution : org.springframework:spring-webflux:5.2.20.RELEASE,org.springframework:spring-webflux:5.3.18,org.springframework:spring-webmvc:5.3.18,org.springframework:spring-webmvc:5.2.20.RELEASE,org.springframework:spring-beans:5.2.20.RELEASE,org.springframework.boot:spring-boot-starter-webflux:2.5.12,org.springframework.boot:spring-boot-starter-webflux:2.6.6,org.springframework:spring-beans:5.3.18,org.springframework.boot:spring-boot-starter-web:2.5.12,org.springframework.boot:spring-boot-starter-web:2.6.6
🔴CVE-2018-1271
Vulnerable Library - spring-core-4.3.30.RELEASE.jar
Spring Core
Library home page: https://projects.spring.io/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-core/4.3.30.RELEASE/spring-core-4.3.30.RELEASE.jar
Dependency Hierarchy:
- spring-context-4.3.30.RELEASE.jar (Root Library)
- spring-aop-4.3.30.RELEASE.jar
- spring-beans-4.3.30.RELEASE.jar
- ❌ spring-core-4.3.30.RELEASE.jar (Vulnerable Library)
- spring-beans-4.3.30.RELEASE.jar
- spring-aop-4.3.30.RELEASE.jar
Vulnerability Details
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.
Publish Date: Apr 06, 2018 01:00 PM
URL: CVE-2018-1271
Threat Assessment
Exploit Maturity:Not Defined
EPSS:91.2%
Score: 8.2
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1271
Release Date: Apr 06, 2018 01:00 PM
Fix Resolution : org.springframework:spring-webflux:5.0.5.RELEASE,org.springframework:spring-webmvc:4.3.15.RELEASE,5.0.5.RELEASE
🔴CVE-2018-1257
Vulnerable Library - spring-core-4.3.30.RELEASE.jar
Spring Core
Library home page: https://projects.spring.io/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-core/4.3.30.RELEASE/spring-core-4.3.30.RELEASE.jar
Dependency Hierarchy:
- spring-context-4.3.30.RELEASE.jar (Root Library)
- spring-aop-4.3.30.RELEASE.jar
- spring-beans-4.3.30.RELEASE.jar
- ❌ spring-core-4.3.30.RELEASE.jar (Vulnerable Library)
- spring-beans-4.3.30.RELEASE.jar
- spring-aop-4.3.30.RELEASE.jar
Vulnerability Details
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.
Publish Date: May 11, 2018 08:00 PM
URL: CVE-2018-1257
Threat Assessment
Exploit Maturity:Not Defined
EPSS:1.8%
Score: 7.1
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-1257
Release Date: May 11, 2018 08:00 PM
Fix Resolution : 5.0.6,4.3.17
🔴CVE-2022-22950
Vulnerable Library - spring-expression-4.3.30.RELEASE.jar
Spring Expression Language (SpEL)
Library home page: https://projects.spring.io/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-expression/4.3.30.RELEASE/spring-expression-4.3.30.RELEASE.jar
Dependency Hierarchy:
- spring-context-4.3.30.RELEASE.jar (Root Library)
- ❌ spring-expression-4.3.30.RELEASE.jar (Vulnerable Library)
Reachability Analysis
The vulnerable code is unreachable
Vulnerability Details
n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
Publish Date: Apr 01, 2022 10:17 PM
URL: CVE-2022-22950
Threat Assessment
Exploit Maturity:Not Defined
EPSS:4.1%
Score: 7.1
Suggested Fix
Type: Upgrade version
Origin: GHSA-558x-2xjg-6232
Release Date: Apr 01, 2022 10:17 PM
Fix Resolution : org.springframework:spring-expression:5.2.20.RELEASE,org.springframework:spring-expression:5.3.17
🔴CVE-2023-20861
Vulnerable Library - spring-expression-4.3.30.RELEASE.jar
Spring Expression Language (SpEL)
Library home page: https://projects.spring.io/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-expression/4.3.30.RELEASE/spring-expression-4.3.30.RELEASE.jar
Dependency Hierarchy:
- spring-context-4.3.30.RELEASE.jar (Root Library)
- ❌ spring-expression-4.3.30.RELEASE.jar (Vulnerable Library)
Reachability Analysis
The vulnerable code is unreachable
Vulnerability Details
In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
Publish Date: Mar 23, 2023 12:00 AM
URL: CVE-2023-20861
Threat Assessment
Exploit Maturity:Not Defined
EPSS:< 1%
Score: 7.1
Suggested Fix
Type: Upgrade version
Origin: GHSA-564r-hj7v-mcr5
Release Date: Mar 23, 2023 12:00 AM
Fix Resolution : org.springframework:spring-expression:5.3.26,org.springframework:spring-expression:6.0.7,org.springframework:spring-expression:5.2.23.RELEASE
🔴CVE-2023-20863
Vulnerable Library - spring-expression-4.3.30.RELEASE.jar
Spring Expression Language (SpEL)
Library home page: https://projects.spring.io/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-expression/4.3.30.RELEASE/spring-expression-4.3.30.RELEASE.jar
Dependency Hierarchy:
- spring-context-4.3.30.RELEASE.jar (Root Library)
- ❌ spring-expression-4.3.30.RELEASE.jar (Vulnerable Library)
Reachability Analysis
The vulnerable code is unreachable
Vulnerability Details
In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
Publish Date: Apr 13, 2023 12:00 AM
URL: CVE-2023-20863
Threat Assessment
Exploit Maturity:Not Defined
EPSS:< 1%
Score: 7.1
Suggested Fix
Type: Upgrade version
Origin: GHSA-wxqc-pxw9-g2p8
Release Date: Apr 13, 2023 12:00 AM
Fix Resolution : org.springframework:spring-expression:5.3.27,org.springframework:spring-expression:5.2.24.RELEASE,org.springframework:spring-expression:6.0.8
🟠CVE-2022-22968
Vulnerable Library - spring-context-4.3.30.RELEASE.jar
Spring Context
Library home page: https://projects.spring.io/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-context/4.3.30.RELEASE/spring-context-4.3.30.RELEASE.jar
Dependency Hierarchy:
- ❌ spring-context-4.3.30.RELEASE.jar (Vulnerable Library)
Reachability Analysis
The vulnerable code is unreachable
Vulnerability Details
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.
Publish Date: Apr 14, 2022 08:05 PM
URL: CVE-2022-22968
Threat Assessment
Exploit Maturity:Not Defined
EPSS:16.2%
Score: 6.9
Suggested Fix
Type: Upgrade version
Origin: GHSA-g5mm-vmx4-3rg7
Release Date: Apr 14, 2022 08:05 PM
Fix Resolution : org.springframework:spring-context:5.2.21.RELEASE,org.springframework:spring-context:5.3.19
🟠CVE-2022-22970
Vulnerable Library - spring-core-4.3.30.RELEASE.jar
Spring Core
Library home page: https://projects.spring.io/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-core/4.3.30.RELEASE/spring-core-4.3.30.RELEASE.jar
Dependency Hierarchy:
- spring-context-4.3.30.RELEASE.jar (Root Library)
- spring-aop-4.3.30.RELEASE.jar
- spring-beans-4.3.30.RELEASE.jar
- ❌ spring-core-4.3.30.RELEASE.jar (Vulnerable Library)
- spring-beans-4.3.30.RELEASE.jar
- spring-aop-4.3.30.RELEASE.jar
Reachability Analysis
The vulnerable code is unreachable
Vulnerability Details
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
Publish Date: May 12, 2022 07:28 PM
URL: CVE-2022-22970
Threat Assessment
Exploit Maturity:Not Defined
EPSS:< 1%
Score: 6.0
Suggested Fix
Type: Upgrade version
Origin: GHSA-hh26-6xwr-ggv7
Release Date: May 12, 2022 07:28 PM
Fix Resolution : org.springframework:spring-beans:5.2.22.RELEASE,org.springframework:spring-beans:5.3.20
🟠CVE-2022-22970
Vulnerable Library - spring-beans-4.3.30.RELEASE.jar
Spring Beans
Library home page: https://projects.spring.io/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-beans/4.3.30.RELEASE/spring-beans-4.3.30.RELEASE.jar
Dependency Hierarchy:
- spring-context-4.3.30.RELEASE.jar (Root Library)
- spring-aop-4.3.30.RELEASE.jar
- ❌ spring-beans-4.3.30.RELEASE.jar (Vulnerable Library)
- spring-aop-4.3.30.RELEASE.jar
Reachability Analysis
The vulnerable code is unreachable
Vulnerability Details
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
Publish Date: May 12, 2022 07:28 PM
URL: CVE-2022-22970
Threat Assessment
Exploit Maturity:Not Defined
EPSS:< 1%
Score: 6.0
Suggested Fix
Type: Upgrade version
Origin: GHSA-hh26-6xwr-ggv7
Release Date: May 12, 2022 07:28 PM
Fix Resolution : org.springframework:spring-beans:5.2.22.RELEASE,org.springframework:spring-beans:5.3.20
🟠CVE-2021-22060
Vulnerable Library - spring-core-4.3.30.RELEASE.jar
Spring Core
Library home page: https://projects.spring.io/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-core/4.3.30.RELEASE/spring-core-4.3.30.RELEASE.jar
Dependency Hierarchy:
- spring-context-4.3.30.RELEASE.jar (Root Library)
- spring-aop-4.3.30.RELEASE.jar
- spring-beans-4.3.30.RELEASE.jar
- ❌ spring-core-4.3.30.RELEASE.jar (Vulnerable Library)
- spring-beans-4.3.30.RELEASE.jar
- spring-aop-4.3.30.RELEASE.jar
Reachability Analysis
This vulnerability is potentially reachable:
- org.owasp.benchmark.helpers.DataBaseServer (Application)
- org.springframework.http.ResponseEntity (Extension)
- org.springframework.http.HttpHeaders (Extension)
- org.springframework.http.HttpRange (Extension)
- org.springframework.core.io.InputStreamResource (Extension)
- org.springframework.core.io.AbstractResource (Extension)
- org.springframework.util.ResourceUtils (Extension)
- org.springframework.util.ClassUtils (Extension)
- org.springframework.util.ReflectionUtils (Extension)
- org.springframework.util.ConcurrentReferenceHashMap (Extension)
-> ❌ org.springframework.util.ConcurrentReferenceHashMap$Task (Vulnerable Component)
Vulnerability Details
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.
Publish Date: Jan 07, 2022 10:39 PM
URL: CVE-2021-22060
Threat Assessment
Exploit Maturity:Not Defined
EPSS:< 1%
Score: 5.3
Suggested Fix
Type: Upgrade version
Origin: GHSA-6gf2-pvqw-37ph
Release Date: Jan 07, 2022 10:39 PM
Fix Resolution : org.springframework:spring-core:5.3.14
🟠CVE-2021-22096
Vulnerable Library - spring-core-4.3.30.RELEASE.jar
Spring Core
Library home page: https://projects.spring.io/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-core/4.3.30.RELEASE/spring-core-4.3.30.RELEASE.jar
Dependency Hierarchy:
- spring-context-4.3.30.RELEASE.jar (Root Library)
- spring-aop-4.3.30.RELEASE.jar
- spring-beans-4.3.30.RELEASE.jar
- ❌ spring-core-4.3.30.RELEASE.jar (Vulnerable Library)
- spring-beans-4.3.30.RELEASE.jar
- spring-aop-4.3.30.RELEASE.jar
Reachability Analysis
This vulnerability is potentially reachable:
- org.owasp.benchmark.helpers.DataBaseServer (Application)
- org.springframework.http.ResponseEntity (Extension)
- org.springframework.http.ResponseEntity$BodyBuilder (Extension)
- org.springframework.http.MediaType (Extension)
-> ❌ org.springframework.util.MimeType (Vulnerable Component)
Vulnerability Details
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.
Publish Date: Oct 28, 2021 03:22 PM
URL: CVE-2021-22096
Threat Assessment
Exploit Maturity:Not Defined
EPSS:< 1%
Score: 5.3
Suggested Fix
Type: Upgrade version
Origin:
Release Date:
Fix Resolution :
🟡CVE-2024-38820
Vulnerable Library - spring-core-4.3.30.RELEASE.jar
Spring Core
Library home page: https://projects.spring.io/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-core/4.3.30.RELEASE/spring-core-4.3.30.RELEASE.jar
Dependency Hierarchy:
- spring-context-4.3.30.RELEASE.jar (Root Library)
- spring-aop-4.3.30.RELEASE.jar
- spring-beans-4.3.30.RELEASE.jar
- ❌ spring-core-4.3.30.RELEASE.jar (Vulnerable Library)
- spring-beans-4.3.30.RELEASE.jar
- spring-aop-4.3.30.RELEASE.jar
Vulnerability Details
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
Publish Date: Oct 18, 2024 05:39 AM
URL: CVE-2024-38820
Threat Assessment
Exploit Maturity:Not Defined
EPSS:< 1%
Score: 2.3
Suggested Fix
Type: Upgrade version
Origin: GHSA-4gc7-5j7h-4qph
Release Date: Oct 18, 2024 05:39 AM
Fix Resolution : org.springframework:spring-context:6.1.14