org.springframework:spring-messaging
Maven | 3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.springframework:spring-messaging
- CVE-2018-1270 | CRITICAL | CVSS 9.8 | ✓ Fixed in 4.3.16.RELEASE | 2018-04-06
vulnerable: 4.0.0.RELEASE ... 4.3.9.RELEASE (46 versions)
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging m…
- CVE-2018-1275 | CRITICAL | CVSS 9.8 | ✓ Fixed in 5.0.5.RELEASE | 2018-04-11
vulnerable: 5.0.0.RELEASE, 5.0.1.RELEASE, 5.0.2.RELEASE, 5.0.3.RELEASE, 5.0.4.RELEASE
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging m…
- CVE-2022-22971 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 5.2.22.RELEASE | 2022-05-12
vulnerable: 4.0.0.RELEASE ... 5.2.9.RELEASE (125 versions)
In Spring Framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, an application with a STOMP over WebSocket endpoint is vulnerable to a denial-of-service attack by an authenticated user.