Spring Security Advisories

This page lists Spring advisories.

CVE-2018-1257: ReDoS Attack with spring-messaging

HIGH | MAY 09, 2018 | CVE-2018-1257

Affected Spring Products and Versions Mitigation Credit This issue was identified and responsibly reported by Muneaki Nishimura (nishimunea) of Recruit Technologies Co., Ltd. References Example

CVE-2018-1260: Remote Code Execution with spring-security-oauth2

CRITICAL | MAY 09, 2018 | CVE-2018-1260

Affected Spring Products and Versions Mitigation Credit This issue was identified and responsibly reported by Philippe Arteau from GoSecure. References Spring Security OAuth

Reporting a vulnerability

To report a security vulnerability for a project within the Spring portfolio, see the Security Policy

Spring Security Advisories

CVE-2018-1257: ReDoS Attack with spring-messaging

CVE-2018-1260: Remote Code Execution with spring-security-oauth2

Reporting a vulnerability

Get ahead

Get support

Upcoming events