spring-boot-starter-test-2.6.1.jar: 21 vulnerabilities (highest severity is: 9.8) [main] (reachable) #6

@mend-developer-platform-dev

Description

📂 Vulnerable Library - spring-boot-starter-test-2.6.1.jar

Starter for testing Spring Boot applications with libraries including JUnit Jupiter, Hamcrest and Mockito

Path to dependency file: /build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.springframework.boot/spring-boot-starter-test/2.6.1/e31a5b813f3b614563f0908a57fa554bc2a979f/spring-boot-starter-test-2.6.1.jar

Findings

Finding Severity 🎯 CVSS Exploit Maturity EPSS Library Type Fixed in Remediation Available Reachability
CVE-953123-750181 🟣 Critical 9.8 N/A N/A jakarta.activation-api-1.2.2.jar Transitive N/A
CVE-2022-25857 🔴 High 8.7 Not Defined < 1% snakeyaml-1.29.jar Transitive N/A Reachable
CVE-2023-1370 🔴 High 8.7 Not Defined < 1% json-smart-2.4.7.jar Transitive N/A Reachable
CVE-2023-20883 🔴 High 8.7 Not Defined < 1% spring-boot-autoconfigure-2.6.1.jar Transitive N/A Unreachable
CVE-2018-1196 🔴 High 8.2 Not Defined < 1% spring-boot-2.6.1.jar Transitive N/A Reachable
CVE-2018-1271 🔴 High 8.2 Not Defined 91.2% spring-core-5.3.13.jar Transitive N/A Reachable
CVE-2023-6378 🔴 High 8.2 Not Defined < 1% logback-core-1.2.7.jar Transitive N/A Reachable
CVE-2021-42550 🔴 High 7.5 Not Defined 4.3% logback-classic-1.2.7.jar Transitive N/A Reachable
CVE-2021-42550 🔴 High 7.5 Not Defined 4.3% logback-core-1.2.7.jar Transitive N/A Reachable
CVE-2022-1471 🔴 High 7.4 Functional 93.8% snakeyaml-1.29.jar Transitive N/A Reachable
CVE-2018-1257 🔴 High 7.1 Not Defined 1.8% spring-core-5.3.13.jar Transitive N/A Reachable
CVE-2022-38749 🔴 High 7.1 Not Defined < 1% snakeyaml-1.29.jar Transitive N/A Reachable
CVE-2022-38750 🔴 High 7.1 Not Defined < 1% snakeyaml-1.29.jar Transitive N/A Reachable
CVE-2022-38751 🔴 High 7.1 Not Defined < 1% snakeyaml-1.29.jar Transitive N/A Reachable
CVE-2022-38752 🔴 High 7.1 Not Defined < 1% snakeyaml-1.29.jar Transitive N/A Reachable
CVE-2022-22968 🟠 Medium 6.9 Not Defined 16.2% spring-context-5.3.13.jar Transitive N/A Reachable
CVE-2022-41854 🟠 Medium 6.9 Not Defined < 1% snakeyaml-1.29.jar Transitive N/A Reachable
CVE-2022-22970 🟠 Medium 6.0 Not Defined < 1% spring-core-5.3.13.jar Transitive N/A Reachable
CVE-2025-22235 🟠 Medium 5.5 Functional < 1% spring-boot-2.6.1.jar Transitive N/A
CVE-2021-22060 🟠 Medium 5.3 Not Defined < 1% spring-core-5.3.13.jar Transitive N/A Reachable
CVE-2024-38820 🟡 Low 2.3 Not Defined < 1% spring-core-5.3.13.jar Transitive N/A

Details

🟣CVE-953123-750181

Vulnerable Library - jakarta.activation-api-1.2.2.jar

Jakarta Activation API jar

Library home page: https://www.eclipse.org

Path to dependency file: /build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/jakarta.activation/jakarta.activation-api/1.2.2/99f53adba383cb1bf7c3862844488574b559621f/jakarta.activation-api-1.2.2.jar

Dependency Hierarchy:

  • spring-boot-starter-test-2.6.1.jar (Root Library)
    • jakarta.xml.bind-api-2.3.3.jar
      • jakarta.activation-api-1.2.2.jar (Vulnerable Library)

Vulnerability Details

Created automatically by the test suite

Publish Date: Jun 07, 2010 05:12 PM

URL: CVE-953123-750181

Threat Assessment

Exploit Maturity:N/A

EPSS:N/A

Score: 9.8


Suggested Fix

Type: Upgrade version

Origin:

Release Date:

Fix Resolution :

🔴CVE-2022-25857

Vulnerable Library - snakeyaml-1.29.jar

YAML 1.1 parser and emitter for Java

Library home page: http://www.snakeyaml.org

Path to dependency file: /build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.yaml/snakeyaml/1.29/6d0cdafb2010f1297e574656551d7145240f6e25/snakeyaml-1.29.jar

Dependency Hierarchy:

  • spring-boot-starter-test-2.6.1.jar (Root Library)
    • spring-boot-starter-2.6.1.jar
      • snakeyaml-1.29.jar (Vulnerable Library)

Reachability Analysis

This vulnerability is potentially reachable:

- fr.christophetd.log4shell.vulnerableapp.VulnerableAppApplication (Application)
    - org.springframework.boot.autoconfigure.SpringBootApplication (Extension)
        - org.springframework.boot.autoconfigure.AutoConfigurationImportSelector (Extension)
            - org.springframework.beans.factory.config.ConfigurableListableBeanFactory (Extension)
                - org.springframework.beans.factory.support.DefaultListableBeanFactory$MultiElementDescriptor (Extension)
                    - org.springframework.beans.factory.support.DefaultListableBeanFactory (Extension)
                        - org.springframework.beans.factory.config.YamlMapFactoryBean (Extension)
                            - org.springframework.beans.factory.config.YamlProcessor (Extension)
                                -> ❌ org.yaml.snakeyaml.LoaderOptions (Vulnerable Component)

Vulnerability Details

The package org.yaml:snakeyaml from version 0 and before 1.31 is vulnerable to Denial of Service (DoS) due to a missing nested depth limitation for collections.

Publish Date: Aug 30, 2022 05:05 AM

URL: CVE-2022-25857

Threat Assessment

Exploit Maturity:Not Defined

EPSS:< 1%

Score: 8.7


Suggested Fix

Type: Upgrade version

Origin: GHSA-3mc7-4q67-w48m

Release Date: Aug 30, 2022 05:05 AM

Fix Resolution : org.yaml:snakeyaml:1.31

🔴CVE-2023-1370

Vulnerable Library - json-smart-2.4.7.jar

JSON (JavaScript Object Notation) is a lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate. It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999. JSON is a text format that is completely language independent but uses conventions that are familiar to programmers of the C-family of languages, including C, C++, C#, Java, JavaScript, Perl, Python, and many others. These properties make JSON an ideal data-interchange language.

Library home page: https://urielch.github.io/

Path to dependency file: /build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/net.minidev/json-smart/2.4.7/8d7f4c1530c07c54930935f3da85f48b83b3c109/json-smart-2.4.7.jar

Dependency Hierarchy:

  • spring-boot-starter-test-2.6.1.jar (Root Library)
    • json-path-2.6.0.jar
      • json-smart-2.4.7.jar (Vulnerable Library)

Reachability Analysis

This vulnerability is potentially reachable:

- fr.christophetd.log4shell.vulnerableapp.VulnerableAppApplication (Application)
    - org.springframework.boot.autoconfigure.SpringBootApplication (Extension)
        - org.springframework.context.annotation.ComponentScan (Extension)
            - org.springframework.context.annotation.AnnotationScopeMetadataResolver (Extension)
                - org.springframework.context.annotation.AnnotationConfigUtils (Extension)
                    - org.springframework.context.annotation.ContextAnnotationAutowireCandidateResolver (Extension)
                        - org.springframework.beans.factory.annotation.QualifierAnnotationAutowireCandidateResolver (Extension)
                            - org.springframework.test.web.servlet.setup.StubWebApplicationContext$StubBeanFactory (Extension)
                                - org.springframework.test.context.testng.AbstractTransactionalTestNGSpringContextTests (Extension)
                                    - org.springframework.test.context.web.ServletTestExecutionListener (Extension)
                                        - org.springframework.mock.web.MockHttpServletRequest (Extension)
                                            - org.springframework.test.web.servlet.htmlunit.HtmlUnitRequestBuilder$HtmlUnitMockHttpSession (Extension)
                                                - org.springframework.test.web.servlet.htmlunit.HtmlUnitRequestBuilder (Extension)
                                                    - org.springframework.test.web.servlet.htmlunit.MockMvcWebConnection (Extension)
                                                        - org.springframework.test.web.servlet.client.MockMvcWebTestClient$1 (Extension)
                                                            - org.springframework.test.web.servlet.client.MockMvcWebTestClient (Extension)
                                                                - org.springframework.test.web.reactive.server.WebTestClient (Extension)
                                                                    - org.springframework.test.web.reactive.server.WebTestClient$BodyContentSpec (Extension)
                                                                        - org.springframework.test.web.reactive.server.JsonPathAssertions (Extension)
                                                                            - org.springframework.test.util.JsonPathExpectationsHelper (Extension)
                                                                                - com.jayway.jsonpath.DocumentContext (Extension)
                                                                                    - com.jayway.jsonpath.Criteria (Extension)
                                                                                        - com.jayway.jsonpath.internal.filter.ValueNode (Extension)
                                                                                            - net.minidev.json.parser.JSONParser (Extension)
                                                                                                - net.minidev.json.writer.CollectionMapper$MapClass (Extension)
                                                                                                    -> ❌ net.minidev.json.writer.CollectionMapper (Vulnerable Component)

Vulnerability Details

"Json-smart" (https://netplex.github.io/json-smart/) is a performance-focused JSON processor library.
When reaching a '[' or '{' character in the JSON input, the code parses an array or an object respectively.
It was discovered that the code does not have any limit on the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.
Mend Note: The description of this vulnerability differs from MITRE.

Publish Date: Mar 13, 2023 09:04 AM

URL: CVE-2023-1370

Threat Assessment

Exploit Maturity:Not Defined

EPSS:< 1%

Score: 8.7


Suggested Fix

Type: Upgrade version

Origin: GHSA-493p-pfq6-5258

Release Date: Mar 13, 2023 09:04 AM

Fix Resolution : net.minidev:json-smart:2.4.9

🔴CVE-2023-20883

Vulnerable Library - spring-boot-autoconfigure-2.6.1.jar

Spring Boot AutoConfigure

Library home page: https://spring.io/projects/spring-boot

Path to dependency file: /build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.springframework.boot/spring-boot-autoconfigure/2.6.1/9ac07afd64da0cce435792ba1328c93edcfbb2fb/spring-boot-autoconfigure-2.6.1.jar

Dependency Hierarchy:

  • spring-boot-starter-test-2.6.1.jar (Root Library)
    • spring-boot-starter-2.6.1.jar
      • spring-boot-autoconfigure-2.6.1.jar (Vulnerable Library)

Reachability Analysis

The vulnerable code is unreachable


Vulnerability Details

In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache.

Publish Date: May 26, 2023 12:00 AM

URL: CVE-2023-20883

Threat Assessment

Exploit Maturity:Not Defined

EPSS:< 1%

Score: 8.7


Suggested Fix

Type: Upgrade version

Origin: GHSA-xf96-w227-r7c4

Release Date: May 26, 2023 12:00 AM

Fix Resolution : org.springframework.boot:spring-boot-autoconfigure:2.6.15,org.springframework.boot:spring-boot-autoconfigure:3.0.7,org.springframework.boot:spring-boot-autoconfigure:2.5.15,org.springframework.boot:spring-boot-autoconfigure:2.7.12

🔴CVE-2018-1196

Vulnerable Library - spring-boot-2.6.1.jar

Spring Boot

Library home page: https://spring.io/projects/spring-boot

Path to dependency file: /build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.springframework.boot/spring-boot/2.6.1/f670cee55752c1f1b304508e18bafd000e543174/spring-boot-2.6.1.jar

Dependency Hierarchy:

  • spring-boot-starter-test-2.6.1.jar (Root Library)
    • spring-boot-starter-2.6.1.jar
      • spring-boot-2.6.1.jar (Vulnerable Library)

Reachability Analysis

This vulnerability is potentially reachable:

- fr.christophetd.log4shell.vulnerableapp.VulnerableAppApplication (Application)
    - org.springframework.boot.SpringApplication (Extension)
        - org.springframework.boot.context.properties.bind.Binder (Extension)
            -> ❌ org.springframework.boot.context.properties.source.FilteredConfigurationPropertiesSource (Vulnerable Component)

Vulnerability Details

Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d Linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "run_user" to overwrite and take ownership of any file on the same system. In order to instigate the attack, the application must be installed as a service and the "run_user" requires shell access to the server. Spring Boot applications that are not installed as a service, or are not using the embedded launch script, are not susceptible.

Publish Date: Mar 19, 2018 06:00 PM

URL: CVE-2018-1196

Threat Assessment

Exploit Maturity:Not Defined

EPSS:< 1%

Score: 8.2


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1196

Release Date: Mar 19, 2018 06:00 PM

Fix Resolution : 1.5.10.RELEASE

🔴CVE-2018-1271

Vulnerable Library - spring-core-5.3.13.jar

Spring Core

Library home page: https://spring.io/projects/spring-framework

Path to dependency file: /build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.springframework/spring-core/5.3.13/d2a6c3372dd337e08144f9f49f386b8ec7a8080d/spring-core-5.3.13.jar

Dependency Hierarchy:

  • spring-boot-starter-web-2.6.1.jar (Root Library)
    • spring-webmvc-5.3.13.jar
      • spring-aop-5.3.13.jar
        • spring-core-5.3.13.jar (Vulnerable Library)
  • spring-boot-starter-test-2.6.1.jar (Root Library)
    • spring-boot-starter-2.6.1.jar
      • spring-boot-2.6.1.jar
        • spring-core-5.3.13.jar (Vulnerable Library)

Reachability Analysis

This vulnerability is potentially reachable:

- fr.christophetd.log4shell.vulnerableapp.VulnerableAppApplication (Application)
    - org.springframework.boot.autoconfigure.SpringBootApplication (Extension)
        - org.springframework.boot.autoconfigure.AutoConfigurationImportSelector (Extension)
            - org.springframework.boot.context.properties.bind.Binder (Extension)
                - org.springframework.boot.context.properties.ConfigurationPropertiesBinder$ConfigurationPropertiesBindHandler (Extension)
                    - org.springframework.boot.context.properties.ConfigurationPropertiesBinder (Extension)
                        - org.springframework.validation.Validator (Extension)
                            - org.springframework.validation.AbstractBindingResult (Extension)
                                - org.springframework.validation.beanvalidation.SpringValidatorAdapter$ViolationFieldError (Extension)
                                    - org.springframework.validation.beanvalidation.LocalValidatorFactoryBean (Extension)
                                        - org.springframework.context.support.AbstractApplicationContext (Extension)
                                            - org.springframework.context.support.PostProcessorRegistrationDelegate (Extension)
                                                - org.springframework.context.annotation.ConfigurationClassParser$SourceClass (Extension)
                                                    - org.springframework.context.annotation.ConfigurationClassParser (Extension)
                                                        - org.springframework.context.annotation.ComponentScanAnnotationParser (Extension)
                                                            - org.springframework.context.annotation.TypeFilterUtils (Extension)
                                                                - org.springframework.core.type.filter.RegexPatternTypeFilter (Extension)
                                                                    -> ❌ org.springframework.core.type.filter.AbstractClassTestingTypeFilter (Vulnerable Component)

Vulnerability Details

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack.

Publish Date: Apr 06, 2018 01:00 PM

URL: CVE-2018-1271

Threat Assessment

Exploit Maturity:Not Defined

EPSS:91.2%

Score: 8.2


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1271

Release Date: Apr 06, 2018 01:00 PM

Fix Resolution : org.springframework:spring-webflux:5.0.5.RELEASE,org.springframework:spring-webmvc:4.3.15.RELEASE,5.0.5.RELEASE

🔴CVE-2023-6378

Vulnerable Library - logback-core-1.2.7.jar

logback-core module

Library home page: http://www.qos.ch

Path to dependency file: /build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/ch.qos.logback/logback-core/1.2.7/31f7db3c4277023742268c0c3f9b65f1f297e49a/logback-core-1.2.7.jar

Dependency Hierarchy:

  • spring-boot-starter-test-2.6.1.jar (Root Library)
    • spring-boot-starter-2.6.1.jar
      • spring-boot-starter-logging-2.6.1.jar
        • logback-classic-1.2.7.jar
          • logback-core-1.2.7.jar (Vulnerable Library)

Reachability Analysis

This vulnerability is potentially reachable:

- fr.christophetd.log4shell.vulnerableapp.VulnerableAppApplication (Application)
    - org.springframework.boot.autoconfigure.SpringBootApplication (Extension)
        - org.springframework.boot.autoconfigure.AutoConfigurationImportSelector (Extension)
            - org.springframework.boot.context.properties.bind.Binder (Extension)
                - org.springframework.boot.context.config.ConfigDataEnvironmentContributors$InactiveSourceChecker (Extension)
                    - org.springframework.boot.context.config.ConfigDataEnvironmentContributors (Extension)
                        - org.springframework.boot.DefaultBootstrapContext (Extension)
                            - org.springframework.boot.web.servlet.support.SpringBootServletInitializer$WebEnvironmentPropertySourceInitializer (Extension)
                                - org.springframework.boot.web.servlet.support.SpringBootServletInitializer (Extension)
                                    - org.springframework.boot.context.logging.LoggingApplicationListener (Extension)
                                        - org.springframework.boot.logging.logback.LogbackLoggingSystem (Extension)
                                            - ch.qos.logback.classic.joran.JoranConfigurator (Extension)
                                                - ch.qos.logback.classic.util.DefaultNestedComponentRules (Extension)
                                                    - ch.qos.logback.core.net.ssl.SSLNestedComponentRegistryRules (Extension)
                                                        - ch.qos.logback.core.net.ssl.KeyStoreFactoryBean (Extension)
                                                            -> ❌ ch.qos.logback.core.util.LocationUtil (Vulnerable Component)

Vulnerability Details

A serialization vulnerability in the logback receiver component, part of logback version 1.4.11, allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.

Publish Date: Nov 29, 2023 12:02 PM

URL: CVE-2023-6378

Threat Assessment

Exploit Maturity:Not Defined

EPSS:< 1%

Score: 8.2


Suggested Fix

Type: Upgrade version

Origin: GHSA-vmq6-5m68-f53m

Release Date: Nov 29, 2023 12:02 PM

Fix Resolution : ch.qos.logback:logback-core:1.2.13,ch.qos.logback:logback-classic:1.3.12,ch.qos.logback:logback-core:1.4.12,ch.qos.logback:logback-core:1.3.12,ch.qos.logback:logback-classic:1.4.12,ch.qos.logback:logback-classic:1.2.13

🔴CVE-2021-42550

Vulnerable Library - logback-classic-1.2.7.jar

logback-classic module

Library home page: http://www.qos.ch

Path to dependency file: /build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/ch.qos.logback/logback-classic/1.2.7/3e89a85545181f1a3a9efc9516ca92658502505b/logback-classic-1.2.7.jar

Dependency Hierarchy:

  • spring-boot-starter-test-2.6.1.jar (Root Library)
    • spring-boot-starter-2.6.1.jar
      • spring-boot-starter-logging-2.6.1.jar
        • logback-classic-1.2.7.jar (Vulnerable Library)

Reachability Analysis

This vulnerability is potentially reachable:

- fr.christophetd.log4shell.vulnerableapp.VulnerableAppApplication (Application)
    - org.springframework.boot.autoconfigure.SpringBootApplication (Extension)
        - org.springframework.context.annotation.ComponentScan (Extension)
            - org.springframework.context.annotation.AnnotationScopeMetadataResolver (Extension)
                - org.springframework.context.annotation.AnnotationConfigUtils (Extension)
                    - org.springframework.context.support.GenericXmlApplicationContext (Extension)
                        - org.springframework.beans.factory.xml.XmlBeanDefinitionReader (Extension)
                            - org.springframework.beans.factory.support.SimpleBeanDefinitionRegistry (Extension)
                                - org.springframework.core.SimpleAliasRegistry (Extension)
                                    - org.apache.commons.logging.LogFactory (Extension)
                                        - org.apache.commons.logging.LogAdapter (Extension)
                                            - org.apache.commons.logging.LogAdapter$Slf4jAdapter (Extension)
                                                - org.slf4j.LoggerFactory (Extension)
                                                    - org.slf4j.impl.StaticLoggerBinder (Extension)
                                                        - ch.qos.logback.classic.util.ContextSelectorStaticBinder (Extension)
                                                            -> ❌ ch.qos.logback.classic.selector.ContextJNDISelector (Vulnerable Component)

Vulnerability Details

In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration allowing execution of arbitrary code loaded from LDAP servers. Converted from WS-2021-0491, on 2022-11-07.

Publish Date: Dec 16, 2021 12:00 AM

URL: CVE-2021-42550

Threat Assessment

Exploit Maturity:Not Defined

EPSS:4.3%

Score: 7.5


Suggested Fix

Type: Upgrade version

Origin: GHSA-668q-qrv7-99fm

Release Date: Dec 16, 2021 12:00 AM

Fix Resolution : ch.qos.logback:logback-core:1.2.9

🔴CVE-2021-42550

Vulnerable Library - logback-core-1.2.7.jar

logback-core module

Library home page: http://www.qos.ch

Path to dependency file: /build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/ch.qos.logback/logback-core/1.2.7/31f7db3c4277023742268c0c3f9b65f1f297e49a/logback-core-1.2.7.jar

Dependency Hierarchy:

  • spring-boot-starter-test-2.6.1.jar (Root Library)
    • spring-boot-starter-2.6.1.jar
      • spring-boot-starter-logging-2.6.1.jar
        • logback-classic-1.2.7.jar
          • logback-core-1.2.7.jar (Vulnerable Library)

Reachability Analysis

This vulnerability is potentially reachable:

- fr.christophetd.log4shell.vulnerableapp.VulnerableAppApplication (Application)
    - org.springframework.boot.autoconfigure.SpringBootApplication (Extension)
        - org.springframework.boot.autoconfigure.AutoConfigurationPackage (Extension)
            - org.springframework.boot.autoconfigure.AutoConfigurationPackages (Extension)
                - org.apache.commons.logging.LogFactory (Extension)
                    - org.apache.commons.logging.LogAdapter (Extension)
                        - org.apache.commons.logging.LogAdapter$Slf4jAdapter (Extension)
                            - org.slf4j.LoggerFactory (Extension)
                                - org.slf4j.impl.StaticLoggerBinder (Extension)
                                    - ch.qos.logback.classic.util.ContextSelectorStaticBinder (Extension)
                                        -> ❌ ch.qos.logback.core.util.OptionHelper (Vulnerable Component)

Vulnerability Details

In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration allowing execution of arbitrary code loaded from LDAP servers. Converted from WS-2021-0491, on 2022-11-07.

Publish Date: Dec 16, 2021 12:00 AM

URL: CVE-2021-42550

Threat Assessment

Exploit Maturity:Not Defined

EPSS:4.3%

Score: 7.5


Suggested Fix

Type: Upgrade version

Origin: GHSA-668q-qrv7-99fm

Release Date: Dec 16, 2021 12:00 AM

Fix Resolution : ch.qos.logback:logback-core:1.2.9

🔴CVE-2022-1471

Vulnerable Library - snakeyaml-1.29.jar

YAML 1.1 parser and emitter for Java

Library home page: http://www.snakeyaml.org

Path to dependency file: /build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.yaml/snakeyaml/1.29/6d0cdafb2010f1297e574656551d7145240f6e25/snakeyaml-1.29.jar

Dependency Hierarchy:

  • spring-boot-starter-test-2.6.1.jar (Root Library)
    • spring-boot-starter-2.6.1.jar
      • snakeyaml-1.29.jar (Vulnerable Library)

Reachability Analysis

This vulnerability is potentially reachable:

- fr.christophetd.log4shell.vulnerableapp.VulnerableAppApplication (Application)
    - org.springframework.boot.autoconfigure.SpringBootApplication (Extension)
        - org.springframework.boot.autoconfigure.AutoConfigurationImportSelector (Extension)
            - org.springframework.beans.factory.config.ConfigurableListableBeanFactory (Extension)
                - org.springframework.beans.factory.support.DefaultListableBeanFactory$DependencyObjectProvider (Extension)
                    - org.springframework.beans.factory.xml.XmlBeanFactory (Extension)
                        - org.springframework.beans.factory.config.YamlMapFactoryBean (Extension)
                            - org.yaml.snakeyaml.Yaml (Extension)
                                -> ❌ org.yaml.snakeyaml.composer.Composer (Vulnerable Component)

Vulnerability Details

SnakeYaml's Constructor() class does not restrict the types which can be instantiated during deserialization. Deserializing YAML content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConstructor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.

Publish Date: Dec 01, 2022 10:47 AM

URL: CVE-2022-1471

Threat Assessment

Exploit Maturity:Functional

EPSS:93.8%

Score: 7.4


Suggested Fix

Type: Upgrade version

Origin: GHSA-mjmj-j48q-9wg2

Release Date: Dec 01, 2022 10:47 AM

Fix Resolution : org.yaml:snakeyaml:2.0

🔴CVE-2018-1257

Vulnerable Library - spring-core-5.3.13.jar

Spring Core

Library home page: https://spring.io/projects/spring-framework

Path to dependency file: /build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.springframework/spring-core/5.3.13/d2a6c3372dd337e08144f9f49f386b8ec7a8080d/spring-core-5.3.13.jar

Dependency Hierarchy:

  • spring-boot-starter-web-2.6.1.jar (Root Library)
    • spring-webmvc-5.3.13.jar
      • spring-aop-5.3.13.jar
        • spring-core-5.3.13.jar (Vulnerable Library)
  • spring-boot-starter-test-2.6.1.jar (Root Library)
    • spring-boot-starter-2.6.1.jar
      • spring-boot-2.6.1.jar
        • spring-core-5.3.13.jar (Vulnerable Library)

Reachability Analysis

This vulnerability is potentially reachable:

- fr.christophetd.log4shell.vulnerableapp.VulnerableAppApplication (Application)
    - org.springframework.boot.autoconfigure.SpringBootApplication (Extension)
        - org.springframework.boot.autoconfigure.AutoConfigurationImportSelector (Extension)
            - org.springframework.beans.factory.config.ConfigurableListableBeanFactory (Extension)
                - org.springframework.beans.support.ResourceEditorRegistrar (Extension)
                    - org.springframework.core.io.ResourceEditor (Extension)
                        - org.springframework.core.env.StandardEnvironment (Extension)
                            - org.springframework.core.convert.support.ConfigurableConversionService (Extension)
                                -> ❌ org.springframework.core.convert.support.PropertiesToStringConverter (Vulnerable Component)

Vulnerability Details

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression denial of service attack.

Publish Date: May 11, 2018 08:00 PM

URL: CVE-2018-1257

Threat Assessment

Exploit Maturity:Not Defined

EPSS:1.8%

Score: 7.1


Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-1257

Release Date: May 11, 2018 08:00 PM

Fix Resolution : 5.0.6,4.3.17

🔴CVE-2022-38749

Vulnerable Library - snakeyaml-1.29.jar

YAML 1.1 parser and emitter for Java

Library home page: http://www.snakeyaml.org

Path to dependency file: /build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.yaml/snakeyaml/1.29/6d0cdafb2010f1297e574656551d7145240f6e25/snakeyaml-1.29.jar

Dependency Hierarchy:

  • spring-boot-starter-test-2.6.1.jar (Root Library)
    • spring-boot-starter-2.6.1.jar
      • snakeyaml-1.29.jar (Vulnerable Library)

Reachability Analysis

This vulnerability is potentially reachable:

- fr.christophetd.log4shell.vulnerableapp.VulnerableAppApplication (Application)
    - org.springframework.boot.autoconfigure.SpringBootApplication (Extension)
        - org.springframework.boot.autoconfigure.AutoConfigurationImportSelector (Extension)
            - org.springframework.beans.factory.config.ConfigurableListableBeanFactory (Extension)
                - org.springframework.beans.factory.support.DefaultListableBeanFactory$MultiElementDescriptor (Extension)
                    - org.springframework.beans.factory.support.DefaultListableBeanFactory (Extension)
                        - org.springframework.beans.factory.config.YamlMapFactoryBean (Extension)
                            - org.springframework.beans.factory.config.YamlProcessor (Extension)
                                -> ❌ org.yaml.snakeyaml.LoaderOptions (Vulnerable Component)

Vulnerability Details

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow.

Publish Date: Sep 05, 2022 12:00 AM

URL: CVE-2022-38749

Threat Assessment

Exploit Maturity:Not Defined

EPSS:< 1%

Score: 7.1


Suggested Fix

Type: Upgrade version

Origin: GHSA-c4r9-r8fh-9vj2

Release Date: Sep 05, 2022 12:00 AM

Fix Resolution: org.yaml:snakeyaml:1.31

🔴CVE-2022-38750

Vulnerable Library - snakeyaml-1.29.jar

YAML 1.1 parser and emitter for Java

Library home page: http://www.snakeyaml.org

Path to dependency file: /build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.yaml/snakeyaml/1.29/6d0cdafb2010f1297e574656551d7145240f6e25/snakeyaml-1.29.jar

Dependency Hierarchy:

  • spring-boot-starter-test-2.6.1.jar (Root Library)
    • spring-boot-starter-2.6.1.jar
      • snakeyaml-1.29.jar (Vulnerable Library)

Reachability Analysis

This vulnerability is potentially reachable:

- fr.christophetd.log4shell.vulnerableapp.VulnerableAppApplication (Application)
    - org.springframework.boot.autoconfigure.SpringBootApplication (Extension)
        - org.springframework.boot.autoconfigure.AutoConfigurationImportSelector (Extension)
            - org.springframework.beans.factory.config.ConfigurableListableBeanFactory (Extension)
                - org.springframework.beans.factory.support.DefaultListableBeanFactory$MultiElementDescriptor (Extension)
                    - org.springframework.beans.factory.support.DefaultListableBeanFactory (Extension)
                        - org.springframework.beans.factory.config.YamlMapFactoryBean (Extension)
                            - org.springframework.beans.factory.config.YamlProcessor (Extension)
                                -> ❌ org.yaml.snakeyaml.LoaderOptions (Vulnerable Component)

Vulnerability Details

Using SnakeYAML to parse untrusted YAML files may expose the application to denial of service (DoS). If the parser runs on user-supplied input, an attacker can supply content that crashes the parser with a stack overflow.

Publish Date: Sep 05, 2022 12:00 AM

URL: CVE-2022-38750

Threat Assessment

Exploit Maturity: Not Defined

EPSS: < 1%

Score: 7.1

Suggested Fix

Type: Upgrade version

Origin: GHSA-hhhw-99gj-p3c3

Release Date: Sep 05, 2022 12:00 AM

Fix Resolution: org.yaml:snakeyaml:1.31

🔴CVE-2022-38751

Vulnerable Library - snakeyaml-1.29.jar

YAML 1.1 parser and emitter for Java

Library home page: http://www.snakeyaml.org

Path to dependency file: /build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.yaml/snakeyaml/1.29/6d0cdafb2010f1297e574656551d7145240f6e25/snakeyaml-1.29.jar

Dependency Hierarchy:

  • spring-boot-starter-test-2.6.1.jar (Root Library)
    • spring-boot-starter-2.6.1.jar
      • snakeyaml-1.29.jar (Vulnerable Library)

Reachability Analysis

This vulnerability is potentially reachable:

- fr.christophetd.log4shell.vulnerableapp.VulnerableAppApplication (Application)
    - org.springframework.boot.autoconfigure.SpringBootApplication (Extension)
        - org.springframework.boot.autoconfigure.AutoConfigurationImportSelector (Extension)
            - org.springframework.beans.factory.config.ConfigurableListableBeanFactory (Extension)
                - org.springframework.beans.factory.support.DefaultListableBeanFactory$MultiElementDescriptor (Extension)
                    - org.springframework.beans.factory.support.DefaultListableBeanFactory (Extension)
                        - org.springframework.beans.factory.config.YamlMapFactoryBean (Extension)
                            - org.springframework.beans.factory.config.YamlProcessor (Extension)
                                -> ❌ org.yaml.snakeyaml.LoaderOptions (Vulnerable Component)

Vulnerability Details

Using SnakeYAML to parse untrusted YAML files may expose the application to denial of service (DoS). If the parser runs on user-supplied input, an attacker can supply content that crashes the parser with a stack overflow.

Publish Date: Sep 05, 2022 12:00 AM

URL: CVE-2022-38751

Threat Assessment

Exploit Maturity: Not Defined

EPSS: < 1%

Score: 7.1

Suggested Fix

Type: Upgrade version

Origin: GHSA-98wm-3w3q-mw94

Release Date: Sep 05, 2022 12:00 AM

Fix Resolution: org.yaml:snakeyaml:1.31

🔴CVE-2022-38752

Vulnerable Library - snakeyaml-1.29.jar

YAML 1.1 parser and emitter for Java

Library home page: http://www.snakeyaml.org

Path to dependency file: /build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.yaml/snakeyaml/1.29/6d0cdafb2010f1297e574656551d7145240f6e25/snakeyaml-1.29.jar

Dependency Hierarchy:

  • spring-boot-starter-test-2.6.1.jar (Root Library)
    • spring-boot-starter-2.6.1.jar
      • snakeyaml-1.29.jar (Vulnerable Library)

Reachability Analysis

This vulnerability is potentially reachable:

- fr.christophetd.log4shell.vulnerableapp.VulnerableAppApplication (Application)
    - org.springframework.boot.autoconfigure.SpringBootApplication (Extension)
        - org.springframework.boot.autoconfigure.AutoConfigurationImportSelector (Extension)
            - org.springframework.beans.factory.config.ConfigurableListableBeanFactory (Extension)
                - org.springframework.beans.factory.support.DefaultListableBeanFactory$MultiElementDescriptor (Extension)
                    - org.springframework.beans.factory.support.DefaultListableBeanFactory (Extension)
                        - org.springframework.beans.factory.config.YamlMapFactoryBean (Extension)
                            - org.springframework.beans.factory.config.YamlProcessor (Extension)
                                -> ❌ org.yaml.snakeyaml.LoaderOptions (Vulnerable Component)

Vulnerability Details

Using SnakeYAML to parse untrusted YAML files may expose the application to denial of service (DoS). If the parser runs on user-supplied input, an attacker can supply content that crashes the parser with a stack overflow.

Publish Date: Sep 05, 2022 12:00 AM

URL: CVE-2022-38752

Threat Assessment

Exploit Maturity: Not Defined

EPSS: < 1%

Score: 7.1

Suggested Fix

Type: Upgrade version

Origin: GHSA-9w3m-gqgf-c4p9

Release Date: Sep 05, 2022 12:00 AM

Fix Resolution: org.yaml:snakeyaml:1.32

🟠CVE-2022-22968

Vulnerable Library - spring-context-5.3.13.jar

Spring Context

Library home page: https://spring.io/projects/spring-framework

Path to dependency file: /build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.springframework/spring-context/5.3.13/e328db1c30ffe1c58328e4ab42cd3855a5307469/spring-context-5.3.13.jar

Dependency Hierarchy:

  • spring-boot-starter-web-2.6.1.jar (Root Library)
    • spring-webmvc-5.3.13.jar
      • spring-context-5.3.13.jar (Vulnerable Library)
  • spring-boot-starter-test-2.6.1.jar (Root Library)
    • spring-boot-starter-2.6.1.jar
      • spring-boot-2.6.1.jar
        • spring-context-5.3.13.jar (Vulnerable Library)

Reachability Analysis

This vulnerability is potentially reachable:

- fr.christophetd.log4shell.vulnerableapp.VulnerableAppApplication (Application)
    - org.springframework.boot.autoconfigure.SpringBootApplication (Extension)
        - org.springframework.boot.autoconfigure.AutoConfigurationImportSelector (Extension)
            - org.springframework.beans.factory.config.ConfigurableListableBeanFactory (Extension)
                - org.springframework.beans.factory.support.AbstractBeanDefinition (Extension)
                    - org.springframework.beans.factory.xml.XmlBeanFactory (Extension)
                        - org.springframework.beans.factory.annotation.QualifierAnnotationAutowireCandidateResolver (Extension)
                            - org.springframework.test.web.servlet.setup.StubWebApplicationContext$StubBeanFactory (Extension)
                                - org.springframework.test.context.testng.AbstractTestNGSpringContextTests (Extension)
                                    - org.springframework.test.context.web.ServletTestExecutionListener (Extension)
                                        - org.springframework.test.web.servlet.htmlunit.HtmlUnitRequestBuilder$HtmlUnitMockHttpServletRequest (Extension)
                                            - org.springframework.test.web.servlet.htmlunit.HtmlUnitRequestBuilder (Extension)
                                                - org.springframework.test.web.servlet.htmlunit.MockMvcWebConnection (Extension)
                                                    - org.springframework.test.web.servlet.client.MockMvcWebTestClient$1 (Extension)
                                                        - org.springframework.test.web.servlet.client.MockMvcWebTestClient (Extension)
                                                            - org.springframework.test.web.servlet.client.MockMvcWebTestClient$ControllerSpec (Extension)
                                                                - org.springframework.web.method.support.HandlerMethodArgumentResolver (Extension)
                                                                    - org.springframework.web.method.annotation.InitBinderDataBinderFactory (Extension)
                                                                        - org.springframework.web.bind.WebDataBinder (Extension)
                                                                            -> ❌ org.springframework.validation.DataBinder (Vulnerable Component)

Vulnerability Details

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.

Publish Date: Apr 14, 2022 08:05 PM

URL: CVE-2022-22968

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 16.2%

Score: 6.9

Suggested Fix

Type: Upgrade version

Origin: GHSA-g5mm-vmx4-3rg7

Release Date: Apr 14, 2022 08:05 PM

Fix Resolution: org.springframework:spring-context:5.2.21.RELEASE, org.springframework:spring-context:5.3.19

🟠CVE-2022-41854

Vulnerable Library - snakeyaml-1.29.jar

YAML 1.1 parser and emitter for Java

Library home page: http://www.snakeyaml.org

Path to dependency file: /build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.yaml/snakeyaml/1.29/6d0cdafb2010f1297e574656551d7145240f6e25/snakeyaml-1.29.jar

Dependency Hierarchy:

  • spring-boot-starter-test-2.6.1.jar (Root Library)
    • spring-boot-starter-2.6.1.jar
      • snakeyaml-1.29.jar (Vulnerable Library)

Reachability Analysis

This vulnerability is potentially reachable:

- fr.christophetd.log4shell.vulnerableapp.VulnerableAppApplication (Application)
    - org.springframework.boot.SpringApplication (Extension)
        - org.springframework.beans.factory.support.DefaultListableBeanFactory (Extension)
            - org.springframework.beans.factory.config.YamlMapFactoryBean (Extension)
                - org.yaml.snakeyaml.Yaml (Extension)
                    -> ❌ org.yaml.snakeyaml.constructor.BaseConstructor (Vulnerable Component)

Vulnerability Details

Those using SnakeYAML to parse untrusted YAML files may be vulnerable to denial of service (DoS). If the parser runs on user-supplied input, an attacker can supply content that crashes the parser with a stack overflow.

Publish Date: Nov 11, 2022 01:10 PM

URL: CVE-2022-41854

Threat Assessment

Exploit Maturity: Not Defined

EPSS: < 1%

Score: 6.9

Suggested Fix

Type: Upgrade version

Origin: GHSA-w37g-rhq8-7m4j

Release Date: Nov 11, 2022 01:10 PM

Fix Resolution: org.yaml:snakeyaml:1.32
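The five SnakeYAML findings in this report (CVE-2022-38749, CVE-2022-38750, CVE-2022-38751, CVE-2022-38752 and CVE-2022-41854) share one root cause, unbounded recursion while composing a document, and one remediation, and their reachability traces end in org.yaml.snakeyaml.LoaderOptions, which is exactly where the fixed releases put the new limits. The following is an added example, not code from this report or from the SnakeYAML project: it configures a loader the way a service parsing untrusted YAML should once it is on snakeyaml 1.32 or later (1.x API; the 2.x constructors differ) and exercises it against a constructed deeply nested document. The class name, the limit values and the sample documents are the example's own choices; the setter names are the real LoaderOptions API of the versions noted in the comments.

```java
import org.yaml.snakeyaml.DumperOptions;
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;
import org.yaml.snakeyaml.representer.Representer;

/**
 * Added example (not part of the Mend report or of SnakeYAML).
 * Assumes org.yaml:snakeyaml 1.32 or later on the classpath (1.x API).
 */
public class HardenedYamlLoader {

    /** Constructed attacker input: a flow sequence nested {@code depth} levels deep.
     *  Pre-1.31 loaders recurse once per '[' with no bound and eventually blow the stack. */
    static String nestedSequence(int depth) {
        StringBuilder sb = new StringBuilder(depth * 2);
        for (int i = 0; i < depth; i++) sb.append('[');
        for (int i = 0; i < depth; i++) sb.append(']');
        return sb.toString();
    }

    /** Loader with the limits a service that parses untrusted YAML should set. */
    static Yaml hardenedYaml() {
        LoaderOptions opts = new LoaderOptions();
        opts.setNestingDepthLimit(50);           // 1.31+: bounds composer recursion (the CVEs above)
        opts.setCodePointLimit(3 * 1024 * 1024); // 1.32+: bounds document size to 3 MiB
        opts.setMaxAliasesForCollections(50);    // 1.26+: bounds alias expansion ("billion laughs")
        opts.setAllowRecursiveKeys(false);       // 1.26+: no self-referencing keys
        // SafeConstructor only builds standard YAML types, so arbitrary "!!" class tags
        // (the separate CVE-2022-1471 issue) are refused as well.
        return new Yaml(new SafeConstructor(), new Representer(), new DumperOptions(), opts);
    }

    /** Returns the parsed document, or null when the loader rejected the input. */
    static Object loadOrReject(Yaml yaml, String untrusted) {
        try {
            return yaml.load(untrusted);
        } catch (YAMLException e) {            // nesting or size limit hit, or an unsafe tag
            System.err.println("rejected: " + e.getMessage());
            return null;
        }
    }

    public static void main(String[] args) {
        Yaml yaml = hardenedYaml();

        Object benign = loadOrReject(yaml, "server:\n  port: 8080\n");
        System.out.println("benign document -> " + benign);

        Object attack = loadOrReject(yaml, nestedSequence(10_000));
        System.out.println("nested attack   -> " + (attack == null ? "rejected" : "ACCEPTED"));
    }
}
```

The depth limit of 50 is the fixed releases' own default, so simply upgrading already closes this class of crash; setting it explicitly, together with the code-point and alias limits, documents the trust boundary in code and survives a later change of defaults. Keep SafeConstructor unless a specific, allow-listed set of types must be constructed.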

🟠CVE-2022-22970

Vulnerable Library - spring-core-5.3.13.jar

Spring Core

Library home page: https://spring.io/projects/spring-framework

Path to dependency file: /build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.springframework/spring-core/5.3.13/d2a6c3372dd337e08144f9f49f386b8ec7a8080d/spring-core-5.3.13.jar

Dependency Hierarchy:

  • spring-boot-starter-web-2.6.1.jar (Root Library)
    • spring-webmvc-5.3.13.jar
      • spring-aop-5.3.13.jar
        • spring-core-5.3.13.jar (Vulnerable Library)
  • spring-boot-starter-test-2.6.1.jar (Root Library)
    • spring-boot-starter-2.6.1.jar
      • spring-boot-2.6.1.jar
        • spring-core-5.3.13.jar (Vulnerable Library)

Reachability Analysis

This vulnerability is potentially reachable:

- fr.christophetd.log4shell.vulnerableapp.VulnerableAppApplication (Application)
    - org.springframework.boot.SpringApplication (Extension)
        - org.springframework.context.annotation.AnnotationConfigUtils (Extension)
            - org.springframework.context.annotation.ConfigurationClassPostProcessor (Extension)
                - org.springframework.context.annotation.ConfigurationClassParser (Extension)
                    - org.springframework.core.annotation.AnnotationUtils (Extension)
                        -> ❌ org.springframework.core.annotation.AnnotationsScanner (Vulnerable Component)

Vulnerability Details

In Spring Framework versions prior to 5.3.20 and 5.2.22, and in older unsupported versions, applications that handle file uploads are vulnerable to a DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.

Publish Date: May 12, 2022 07:28 PM

URL: CVE-2022-22970

Threat Assessment

Exploit Maturity: Not Defined

EPSS: < 1%

Score: 6.0

Suggested Fix

Type: Upgrade version

Origin: GHSA-hh26-6xwr-ggv7

Release Date: May 12, 2022 07:28 PM

Fix Resolution: org.springframework:spring-beans:5.2.22.RELEASE, org.springframework:spring-beans:5.3.20

🟠CVE-2025-22235

Vulnerable Library - spring-boot-2.6.1.jar

Spring Boot

Library home page: https://spring.io/projects/spring-boot

Path to dependency file: /build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.springframework.boot/spring-boot/2.6.1/f670cee55752c1f1b304508e18bafd000e543174/spring-boot-2.6.1.jar

Dependency Hierarchy:

  • spring-boot-starter-test-2.6.1.jar (Root Library)
    • spring-boot-starter-2.6.1.jar
      • spring-boot-2.6.1.jar (Vulnerable Library)

Vulnerability Details

In Spring Boot, EndpointRequest.to() creates a matcher for null/** if the actuator endpoint for which the EndpointRequest has been created is disabled or not exposed. A security rule written against that endpoint therefore applies to every request under /null/ instead of to nothing.

Publish Date: Apr 28, 2025 07:10 AM

URL: CVE-2025-22235

Threat Assessment

Exploit Maturity: Functional

EPSS: < 1%

Score: 5.5

Suggested Fix

Type: Upgrade version

Origin: spring-projects/spring-boot@55f67c9

Release Date: Apr 24, 2025 09:00 PM

Fix Resolution: https://github.com/spring-projects/spring-boot.git - v3.4.5, https://github.com/spring-projects/spring-boot.git - v3.3.11, org.springframework.boot:spring-boot-actuator-autoconfigure:3.4.5, org.springframework.boot:spring-boot-actuator-autoconfigure:3.3.11, org.springframework.boot:spring-boot:3.4.5, org.springframework.boot:spring-boot:3.3.11
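Added example, not taken from this report or from Spring Boot: the affected usage next to a form that does not depend on EndpointRequest resolving the endpoint, written against the Spring Boot 2.6 / Spring Security 5.6 API that matches the versions in this report. It assumes spring-boot-starter-actuator and spring-boot-starter-security on the classpath and the default /actuator base path; the class and method names are the example's own. Upgrading to the fixed releases listed above is the actual remediation; the explicit-path form only removes the dependency on endpoint resolution in the meantime.

```java
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

/**
 * Added example (not the Mend report's or Spring Boot's own code).
 * Spring Boot 2.6 / Spring Security 5.6 API; assumes the actuator and security
 * starters are present and the management base path is the default /actuator.
 */
@Configuration
public class ActuatorSecurityConfig {

    /**
     * Affected pattern, kept here for comparison and deliberately NOT registered as a bean.
     * If "health" is disabled (management.endpoint.health.enabled=false) or is not exposed
     * over the web, EndpointRequest.to("health") degrades to a matcher for "null/**" on the
     * affected versions, so any request under /null/ gets permitAll instead of falling
     * through to anyRequest().authenticated().
     */
    SecurityFilterChain endpointRequestChain(HttpSecurity http) throws Exception {
        http.authorizeRequests(auth -> auth
                .requestMatchers(EndpointRequest.to("health")).permitAll()
                .anyRequest().authenticated());
        return http.build();
    }

    /**
     * Form that holds on an unpatched Boot: grant access by concrete path instead of by
     * endpoint id, so a disabled or unexposed endpoint cannot widen the rule. When the
     * endpoint is off, /actuator/health simply answers 404; nothing else becomes reachable.
     */
    @Bean
    SecurityFilterChain explicitPathChain(HttpSecurity http) throws Exception {
        http.authorizeRequests(auth -> auth
                .antMatchers("/actuator/health", "/actuator/health/**").permitAll()
                .anyRequest().authenticated());
        return http.build();
    }
}
```

Whichever form is used, the quickest check on a running instance is a request to /null/anything: on an affected version with the first chain it is served or forwarded without authentication, with the second chain it is challenged like any other path.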

🟠CVE-2021-22060

Vulnerable Library - spring-core-5.3.13.jar

Spring Core

Library home page: https://spring.io/projects/spring-framework

Path to dependency file: /build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.springframework/spring-core/5.3.13/d2a6c3372dd337e08144f9f49f386b8ec7a8080d/spring-core-5.3.13.jar

Dependency Hierarchy:

  • spring-boot-starter-web-2.6.1.jar (Root Library)
    • spring-webmvc-5.3.13.jar
      • spring-aop-5.3.13.jar
        • spring-core-5.3.13.jar (Vulnerable Library)
  • spring-boot-starter-test-2.6.1.jar (Root Library)
    • spring-boot-starter-2.6.1.jar
      • spring-boot-2.6.1.jar
        • spring-core-5.3.13.jar (Vulnerable Library)

Reachability Analysis

This vulnerability is potentially reachable:

- fr.christophetd.log4shell.vulnerableapp.VulnerableAppApplication (Application)
    - org.springframework.boot.autoconfigure.SpringBootApplication (Extension)
        - org.springframework.boot.autoconfigure.AutoConfigurationImportSelector (Extension)
            - org.springframework.boot.context.properties.bind.Binder (Extension)
                - org.springframework.boot.context.config.ConfigDataEnvironmentContributors$InactiveSourceChecker (Extension)
                    - org.springframework.boot.context.config.ConfigDataEnvironmentContributors (Extension)
                        - org.springframework.boot.ConfigurableBootstrapContext (Extension)
                            - org.springframework.boot.context.config.AnsiOutputApplicationListener (Extension)
                                - org.springframework.boot.env.EnvironmentPostProcessorApplicationListener (Extension)
                                    - org.springframework.boot.env.EnvironmentPostProcessorsFactory (Extension)
                                        - org.springframework.boot.env.ReflectionEnvironmentPostProcessorsFactory (Extension)
                                            - org.springframework.boot.env.SpringApplicationJsonEnvironmentPostProcessor (Extension)
                                                - org.springframework.web.context.support.StandardServletEnvironment (Extension)
                                                    - org.springframework.web.context.support.WebApplicationContextUtils (Extension)
                                                        - org.springframework.web.context.support.AnnotationConfigWebApplicationContext (Extension)
                                                            - org.springframework.context.annotation.AnnotationConfigUtils (Extension)
                                                                - org.springframework.context.annotation.ConfigurationClassPostProcessor (Extension)
                                                                    - org.springframework.context.annotation.ConfigurationClassUtils (Extension)
                                                                        - org.springframework.core.annotation.AnnotationUtils (Extension)
                                                                            - org.springframework.core.annotation.AnnotationsScanner (Extension)
                                                                                -> ❌ org.springframework.core.annotation.AnnotationsScanner$1 (Vulnerable Component)

Vulnerability Details

In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.

Publish Date: Jan 07, 2022 10:39 PM

URL: CVE-2021-22060

Threat Assessment

Exploit Maturity: Not Defined

EPSS: < 1%

Score: 5.3

Suggested Fix

Type: Upgrade version

Origin: GHSA-6gf2-pvqw-37ph

Release Date: Jan 07, 2022 10:39 PM

Fix Resolution: org.springframework:spring-core:5.3.14

🟡CVE-2024-38820

Vulnerable Library - spring-core-5.3.13.jar

Spring Core

Library home page: https://spring.io/projects/spring-framework

Path to dependency file: /build.gradle

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.springframework/spring-core/5.3.13/d2a6c3372dd337e08144f9f49f386b8ec7a8080d/spring-core-5.3.13.jar

Dependency Hierarchy:

  • spring-boot-starter-web-2.6.1.jar (Root Library)
    • spring-webmvc-5.3.13.jar
      • spring-aop-5.3.13.jar
        • spring-core-5.3.13.jar (Vulnerable Library)
  • spring-boot-starter-test-2.6.1.jar (Root Library)
    • spring-boot-starter-2.6.1.jar
      • spring-boot-2.6.1.jar
        • spring-core-5.3.13.jar (Vulnerable Library)

Vulnerability Details

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some locale-dependent exceptions that could result in fields not being protected as expected.

Publish Date: Oct 18, 2024 05:39 AM

URL: CVE-2024-38820

Threat Assessment

Exploit Maturity: Not Defined

EPSS: < 1%

Score: 2.3

Suggested Fix

Type: Upgrade version

Origin: GHSA-4gc7-5j7h-4qph

Release Date: Oct 18, 2024 05:39 AM

Fix Resolution: org.springframework:spring-context:6.1.14
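CVE-2022-22968 above and this finding are two rounds of the same DataBinder problem: disallowedFields is a denylist compared by string pattern, first case-sensitively (bypassed by changing the case of a field's first character, which the bean introspector tolerates when it resolves the setter), then through String.toLowerCase() in the default locale (bypassed under locales with non-ASCII case mappings, Turkish being the classic one). The block below is an added example and not the report's or Spring's own code. It needs spring-context, spring-beans and spring-core on the classpath; the Account class and the parameter names are constructed for the demonstration, and the version-dependent outcomes noted in the comments follow from the fixes described in the two entries.

```java
import java.util.Locale;
import org.springframework.beans.MutablePropertyValues;
import org.springframework.validation.DataBinder;

/**
 * Added example (not part of the Mend report or of Spring Framework).
 * Assumes spring-context, spring-beans and spring-core on the classpath.
 */
public class DataBinderHardening {

    /** Constructed model object with a field that must never be set from a request. */
    public static class Account {
        private String displayName;
        private boolean admin;
        public String getDisplayName() { return displayName; }
        public void setDisplayName(String v) { displayName = v; }
        public boolean isAdmin() { return admin; }
        public void setAdmin(boolean v) { admin = v; }
    }

    /** Constructed request parameters, as a form post would deliver them. */
    static MutablePropertyValues attackerParams() {
        MutablePropertyValues pvs = new MutablePropertyValues();
        pvs.add("displayName", "mallory");
        // Not "admin": the bean introspector still resolves "Admin" to setAdmin(),
        // but a case-sensitive disallow list never sees a match (CVE-2022-22968).
        pvs.add("Admin", "true");
        return pvs;
    }

    /** Weak: denylist only. Bypassed by "Admin" on the spring-core 5.3.13 in this report. */
    static Account bindWithDenylist(MutablePropertyValues pvs) {
        Account target = new Account();
        DataBinder binder = new DataBinder(target, "account");
        binder.setDisallowedFields("admin");
        binder.bind(pvs);
        return target;
    }

    /** Hardened: allowlist the bindable fields. Anything else is dropped, whatever its case. */
    static Account bindWithAllowlist(MutablePropertyValues pvs) {
        Account target = new Account();
        DataBinder binder = new DataBinder(target, "account");
        binder.setAllowedFields("displayName");
        binder.bind(pvs);
        return target;
    }

    /** CVE-2024-38820: the 5.3.19 fix compared both sides after toLowerCase() in the default
     *  locale. Under a Turkish locale "I" lower-cases to dotless "ı" (U+0131), so a pattern
     *  such as "isAdmin" no longer matches the same field submitted as "IsAdmin". */
    static boolean lowerCaseMatches(String pattern, String field, Locale locale) {
        return pattern.toLowerCase(locale).equals(field.toLowerCase(locale));
    }

    public static void main(String[] args) {
        Account a = bindWithDenylist(attackerParams());
        System.out.println("denylist  -> admin=" + a.isAdmin());  // true on 5.3.13, false from 5.3.19

        Account b = bindWithAllowlist(attackerParams());
        System.out.println("allowlist -> admin=" + b.isAdmin());  // false on every version

        System.out.println("en match: " + lowerCaseMatches("isAdmin", "IsAdmin", Locale.ENGLISH));           // true
        System.out.println("tr match: " + lowerCaseMatches("isAdmin", "IsAdmin", Locale.forLanguageTag("tr"))); // false
    }
}
```

The allowlist is fail-closed on every Spring version in this report because an unlisted field is rejected regardless of how its name is spelled, whereas a denylist has to anticipate every spelling the introspector will accept. The stronger habit is to bind requests into a dedicated form object that only has the fields a client may set, so there is no privileged field to protect in the first place.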
