Pivotal Software Spring Security — known CVE vulnerabilities
Every CVE whose affected-product data names Pivotal Software Spring Security, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2018-1258 — CVSS 8.8 (high): Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using…
CVE-2020-5407 — CVSS 8.8 (high): Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response…
CVE-2021-22112 — CVSS 8.8 (high): Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail…
CVE-2020-5408 — CVSS 6.5 (medium): Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16…