Vulnerabilities (CVE)

Filtered by vendor Vmware
Filtered by product Spring Framework
Total 2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3
CVE-2021-22096 | 1 Vmware | 1 Spring Framework | 2021-11-25 | 4.0 MEDIUM | 4.3 MEDIUM
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.
CVE-2021-22118 | 1 Vmware | 1 Spring Framework | 2021-10-20 | 4.6 MEDIUM | 7.8 HIGH
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.