
Debian Libspring-Java vulnerabilities

59 known vulnerabilities affecting debian/libspring-java.

Total CVEs: 59
CISA KEV: 1 (actively exploited)
Public exploits: 5
Exploited in wild: 1
Severity breakdown: CRITICAL 2, HIGH 5, MEDIUM 8, LOW 44

Vulnerabilities

Page 1 of 3
CVE-2026-22737 | LOW | CVSS 5.9 | 2026
CVE-2026-22737 [MEDIUM] libspring-java: Use of Java scripting engine-enabled (e.g. JRuby, Jython) template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views. This issue affects Spring Framework: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 throu
debian
CVE-2026-22735 | LOW | CVSS 2.6 | 2026
CVE-2026-22735 [LOW] libspring-java: Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events (SSE). This issue affects Spring Framework: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46. Scope: local. bookworm: open; bullseye: open; forky: open; sid: open; trixie: open.
debian
CVE-2025-22233 | LOW | CVSS 3.1 | 2025
CVE-2025-22233 [LOW] libspring-java: The fix for CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions: Spring Framework: * 6.2.0 - 6.2.6 * 6.1.0 - 6.1.19 * 6.0.0 - 6.0.27 * 5.3.0 - 5.3.42 *
debian
CVE-2025-41242 | LOW | CVSS 5.9 | PoC | 2025
CVE-2025-41242 [MEDIUM] libspring-java: Spring Framework MVC applications can be vulnerable to a "Path Traversal Vulnerability" when deployed on a non-compliant Servlet container. An application can be vulnerable when all the following are true: * the application is deployed as a WAR or with an embedded Servlet container * the Servlet container does not reject suspicious sequences https://jakarta
debian
CVE-2025-41254 | LOW | CVSS 4.3 | 2025
CVE-2025-41254 [MEDIUM] libspring-java: STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages. Affected Spring Products and Versions: Spring Framework: * 6.2.0 - 6.2.11 * 6.1.0 - 6.1.23 * 6.0.x - 6.0.29 * 5.3.0 - 5.3.45 * Older, unsupported versions are also affected. Mitigation: Users of affected versions should upgrade to the
debian
CVE-2025-41249 | LOW | CVSS 7.5 | 2025
CVE-2025-41249 [HIGH] libspring-java: The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions. Your application may be affected by this if you are using Spring Security's @EnableMethodSecurity fe
debian
CVE-2025-41234 | LOW | CVSS 6.5 | 2025
CVE-2025-41234 [MEDIUM] libspring-java: In Spring Framework versions 6.0.x as of 6.0.5, 6.1.x and 6.2.x, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header with a non-ASCII charset, where the filename attribute is derived from user-supplied input. Specifically, an application is vulnerable when all the following
debian
CVE-2024-38820 | LOW | CVSS 5.3 | 2024
CVE-2024-38820 [MEDIUM] libspring-java: The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected. Scope: local. bookworm: open; bullseye: open; forky: open; sid: open; trixie: open.
debian
CVE-2024-22262 | LOW | CVSS 8.1 | 2024
CVE-2024-22262 [HIGH] libspring-java: Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to a SSRF attack if the URL is used after passing validation checks. This is the same as CVE-2
debian
CVE-2024-22233 | LOW | CVSS 7.5 | 2024
CVE-2024-22233 [HIGH] libspring-java: In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC * Spring Security 6.1.6+ or 6.2.1+ is on the classpath. Typically, Spring Boot ap
debian
CVE-2024-22243 | LOW | CVSS 8.1 | 2024
CVE-2024-22243 [HIGH] libspring-java: Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to a SSRF attack if the URL is used after passing validation checks. Scope: local bookworm: op
debian
CVE-2024-22259 | LOW | CVSS 8.1 | 2024
CVE-2024-22259 [HIGH] libspring-java: Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to a SSRF attack if the URL is used after passing validation checks. This
debian
CVE-2024-38829 | LOW | CVSS 3.1 | 2024
CVE-2024-38829 [LOW] libspring-java: A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons. This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could pot
debian
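The Locale dependence that both CVE-2024-38820 (DataBinder disallowedFields) and CVE-2024-38829 (Spring LDAP comparisons) describe, shown in a standalone program. This is an added example, not code from Spring or from the Debian package: the disallowed field names and the Turkish default locale are assumptions chosen for the demonstration, and the hardened variant uses Locale.ROOT as one locale-independent case fold rather than reproducing Spring's actual patch.

```java
import java.util.Locale;
import java.util.Set;

/**
 * Added example (not Spring's code): why String.toLowerCase() with no Locale
 * argument is unsafe for security comparisons. With no argument the JVM default
 * locale is used; in the Turkish locale the letter 'I' folds to the dotless
 * U+0131, so an upper-cased request parameter no longer matches a pattern that
 * was lowercased elsewhere as plain ASCII.
 */
public class LocaleCaseFolding {

    // Hypothetical disallowed field names, stored lowercased (assumed for illustration).
    static final Set<String> DISALLOWED = Set.of("id", "isadmin");

    /** Unsafe: result depends on whatever the JVM default locale happens to be. */
    static boolean isDisallowedDefaultLocale(String requestParam) {
        return DISALLOWED.contains(requestParam.toLowerCase());
    }

    /** Hardened: Locale.ROOT folds case independently of the deployment locale. */
    static boolean isDisallowedRootLocale(String requestParam) {
        return DISALLOWED.contains(requestParam.toLowerCase(Locale.ROOT));
    }

    public static void main(String[] args) {
        // Simulate a deployment running with a Turkish default locale (assumption for the demo).
        Locale.setDefault(Locale.forLanguageTag("tr"));

        // Upper-case spelling of a field the binder is supposed to refuse.
        String fromRequest = "ID";

        System.out.println("default-locale fold : " + fromRequest.toLowerCase());
        System.out.println("root-locale fold    : " + fromRequest.toLowerCase(Locale.ROOT));
        System.out.println("blocked (default)   : " + isDisallowedDefaultLocale(fromRequest));
        System.out.println("blocked (ROOT)      : " + isDisallowedRootLocale(fromRequest));
    }
}
```

Run it once with the Turkish default and once with the line that sets the default locale removed; only the Locale.ROOT check gives the same answer in both runs. The same reasoning applies to String.toUpperCase(), which the CVE-2024-38829 entry also names.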
CVE-2024-38819 | LOW | CVSS 7.5 | PoC | 2024
CVE-2024-38819 [HIGH] libspring-java: Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running. Scope: local bookworm: open bullseye: open forky: o
debian
CVE-2024-38809 | LOW | CVSS 5.3 | 2024
CVE-2024-38809 [MEDIUM] libspring-java: Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to a DoS attack. Users of affected versions should upgrade to the corresponding fixed version. Users of older, unsupported versions could enforce a size limit on "If-Match" and "If-None-Match" headers, e.g. through a Filter. Scope: local bookworm: open bullseye: op
debian
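The Filter-based size limit that the CVE-2024-38809 entry suggests as a workaround for unsupported versions, written out as an added example; it is not code from Spring or from the Debian package. It assumes Spring Framework 6.x on the jakarta.servlet API (use the javax.servlet imports for 5.3.x), a 4096-character limit chosen for illustration, and that the filter is registered so it runs before the DispatcherServlet.

```java
import java.io.IOException;
import java.util.Enumeration;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

import org.springframework.web.filter.OncePerRequestFilter;

/**
 * Added example (not Spring's code): reject requests whose conditional request
 * headers are unreasonably large before Spring ever parses them as ETag lists.
 */
public class ConditionalHeaderSizeFilter extends OncePerRequestFilter {

    // Assumed limit. A legitimate ETag list is a handful of short quoted tokens,
    // so a few KiB is generous; tune it for your clients.
    static final int MAX_HEADER_CHARS = 4096;

    private static final String[] GUARDED_HEADERS = {"If-Match", "If-None-Match"};

    /** Sum the lengths of every occurrence of a header (clients may repeat it). */
    static int totalHeaderLength(HttpServletRequest request, String name) {
        int total = 0;
        Enumeration<String> values = request.getHeaders(name);
        while (values != null && values.hasMoreElements()) {
            total += values.nextElement().length();
        }
        return total;
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request,
                                    HttpServletResponse response,
                                    FilterChain chain)
            throws ServletException, IOException {
        for (String name : GUARDED_HEADERS) {
            if (totalHeaderLength(request, name) > MAX_HEADER_CHARS) {
                // 431 Request Header Fields Too Large (RFC 6585). The Servlet API has
                // no named constant for it, so the numeric status is used.
                response.sendError(431, name + " header too large");
                return; // stop here so the ETag parser is never reached
            }
        }
        chain.doFilter(request, response);
    }
}
```

Register it like any other servlet Filter (for example as a @Component, or through a FilterRegistrationBean in Spring Boot) with an order that places it ahead of Spring Security and the DispatcherServlet, so oversized headers are refused before any controller or resource handler sees the request. Header lookup via getHeaders is case-insensitive, so "if-none-match" spellings are covered as well.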
CVE-2024-38828 | LOW | CVSS 5.3 | 2024
CVE-2024-38828 [MEDIUM] libspring-java: Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack. Scope: local. bookworm: open; bullseye: open; forky: open; sid: open; trixie: open.
debian
CVE-2024-38807 | LOW | CVSS 6.3 | 2024
CVE-2024-38807 [MEDIUM] libspring-java: Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another. Scope: local bookworm: open bullseye: open forky: open sid: open trix
debian
CVE-2024-38816 | LOW | CVSS 7.5 | PoC | 2024
CVE-2024-38816 [HIGH] libspring-java: Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running. Specifically, an application is vulnerable when bot
debian
CVE-2024-38808 | LOW | CVSS 4.3 | 2024
CVE-2024-38808 [MEDIUM] libspring-java: In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition. Specifically, an application is vulnerable when the following is true: * The application evaluates user-supplied SpEL expressions
debian
CVE-2023-20860 | LOW | CVSS 7.5 | 2023
CVE-2023-20860 [HIGH] libspring-java: Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass. Scope: local. bookworm: open; bullseye: open; forky: open; sid: open; trixie: open.
debian