CX: CVE-2021-22060 in Maven-org.springframework:spring-core and 5.3.13 @ hello-world-java.master

**Description**

In Spring Framework versions 5.2.x before 5.2.19.RELEASE, 5.3.x before 5.3.14 and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.

**MEDIUM Vulnerable Package** issue exists @ **org.springframework:spring-core** in branch **master**

**Vulnerability ID:** CVE-2021-22060

**Package Name:** org.springframework:spring-core

**Severity:** MEDIUM

**CVSS Score:** 4.3

**Publish Date:** 2022-01-10T14:10:00

**Current Package Version:** 5.3.13

**Remediation Upgrade Recommendation:** 5.3.14

[Link To SCA](https://sca.checkmarx.net/#/projects/f78fe83c-aa61-4729-8ef7-e65b39520ced/reports/5ae74bc0-38c0-40e4-89f1-1b2462b165bd/vulnerabilities/CVE-2021-22060%3AMaven-org.springframework%3Aspring-core-5.3.13/vulnerabilityDetails/vulnerabilities/CVE-2021-22060%3AMaven-org.springframework%3Aspring-core-5.3.13/vulnerabilityDetails)

[Reference – NVD link](https://nvd.nist.gov/vuln/detail/CVE-2021-22060)



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CX: CVE-2021-22060 in Maven-org.springframework:spring-core and 5.3.13 @ hello-world-java.master #6

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

CX: CVE-2021-22060 in Maven-org.springframework:spring-core and 5.3.13 @ hello-world-java.master #6

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions