Skip to content

[🐸 Frogbot] Update version of org.springframework:spring-webmvc to 6.2.17#6

Open
github-actions[bot] wants to merge 1 commit into
masterfrom
frogbot-org.springframework_spring-webmvc-8764978ee07da15e861fbb7380c86078
Open

[🐸 Frogbot] Update version of org.springframework:spring-webmvc to 6.2.17#6
github-actions[bot] wants to merge 1 commit into
masterfrom
frogbot-org.springframework_spring-webmvc-8764978ee07da15e861fbb7380c86078

Conversation

@github-actions

Copy link
Copy Markdown

🚨 This automated pull request was created by Frogbot and fixes the below:

📦 Vulnerable Dependencies

Severity ID Contextual Analysis Direct Dependencies Impacted Dependency Fixed Versions
medium
Medium
CVE-2025-41242 Missing Context org.springframework:spring-webmvc:5.3.39 org.springframework:spring-webmvc 5.3.39 [6.2.10]

🔖 Details

Vulnerability Details

Contextual Analysis: Missing Context
Direct Dependencies: org.springframework:spring-webmvc:5.3.39
Impacted Dependency: org.springframework:spring-webmvc:5.3.39
Fixed Versions: [6.2.10]
CVSS V3: 5.9

Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servlet container.

An application can be vulnerable when all the following are true:

We have verified that applications deployed on Apache Tomcat or Eclipse Jetty are not vulnerable, as long as default security features are not disabled in the configuration. Because we cannot check exploits against all Servlet containers and configuration variants, we strongly recommend upgrading your application.


Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant