Vulnerabilities > Vmware > Spring Framework > 5.0.1

DATE CVE VULNERABILITY TITLE RISK
2018-04-06 CVE-2018-1270 Code Injection vulnerability in multiple products
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module.
network
low complexity
vmware oracle redhat debian CWE-94
critical
 9.8
9.8
2018-03-16 CVE-2018-1199 Improper Input Validation vulnerability in multiple products
Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints.
network
low complexity
vmware redhat oracle CWE-20
5.3
5.3