Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
8 vulnerabilities found for Spring Data Commons by Spring
CVE-2026-41721 (GCVE-0-2026-41721)
Vulnerability from nvd – Published: 2026-06-09 23:48 – Updated: 2026-06-09 23:48
VLAI
Title
Spring Data Commons Denial of Service via Data Binding
Summary
Spring Data Commons contains a vulnerability that can lead to a Denial of Service (DoS) condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload, when an attacker sends a specially crafted HTTP request that causes the application to allocate lots of memory.
Affected versions:
Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 through 3.0.15; 2.7.0 through 2.7.19.
Severity
5.9 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Spring | Spring Data Commons |
Affected:
4.0.0 , < 4.0.6
(custom)
Affected: 3.5.0 , < 3.5.12 (custom) Affected: 3.4.0 , < 3.4.15 (custom) Affected: 3.3.0 , < 3.3.17 (custom) Affected: 3.2.0 , < 3.2.16 (custom) Affected: 3.1.0 , < 3.1.15 (custom) Affected: 3.0.0 , < 3.0.16 (custom) Affected: 2.7.0 , < 2.7.20 (custom) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spring Data Commons",
"vendor": "Spring",
"versions": [
{
"lessThan": "4.0.6",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
},
{
"lessThan": "3.5.12",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
},
{
"lessThan": "3.4.15",
"status": "affected",
"version": "3.4.0",
"versionType": "custom"
},
{
"lessThan": "3.3.17",
"status": "affected",
"version": "3.3.0",
"versionType": "custom"
},
{
"lessThan": "3.2.16",
"status": "affected",
"version": "3.2.0",
"versionType": "custom"
},
{
"lessThan": "3.1.15",
"status": "affected",
"version": "3.1.0",
"versionType": "custom"
},
{
"lessThan": "3.0.16",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
},
{
"lessThan": "2.7.20",
"status": "affected",
"version": "2.7.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Spring Data Commons contains a vulnerability that can lead to a Denial of Service (DoS) condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload, when an attacker sends a specially crafted HTTP request that causes the application to allocate lots of memory.\n\nAffected versions:\nSpring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 through 3.0.15; 2.7.0 through 2.7.19."
}
],
"value": "Spring Data Commons contains a vulnerability that can lead to a Denial of Service (DoS) condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload, when an attacker sends a specially crafted HTTP request that causes the application to allocate lots of memory.\n\nAffected versions:\nSpring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 through 3.0.15; 2.7.0 through 2.7.19."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "An attacker can send a specially crafted HTTP request to a Spring Data Web @ProjectedPayload endpoint to cause excessive memory allocation and denial of service."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T23:48:47.132Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2026-41721"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Spring Data Commons Denial of Service via Data Binding",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2026-41721",
"datePublished": "2026-06-09T23:48:47.132Z",
"dateReserved": "2026-04-22T06:21:37.021Z",
"dateUpdated": "2026-06-09T23:48:47.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41716 (GCVE-0-2026-41716)
Vulnerability from nvd – Published: 2026-06-09 23:48 – Updated: 2026-06-09 23:48
VLAI
Title
Spring Data web support unbounded negative-result cache keyed on attacker-supplied property names
Summary
Spring Data's internal property-lookup cache accepts and permanently retains attacker-supplied strings as cache keys, allowing heap exhaustion through repeated requests.
Affected versions:
Spring Data Commons 2.7.0 through 2.7.19; 3.3.0 through 3.3.16; 3.4.0 through 3.4.14; 3.5.0 through 3.5.11; 4.0.0 through 4.0.5.
Severity
7.5 (High)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Spring | Spring Data Commons |
Affected:
2.7.0 , < 2.7.20
(custom)
Affected: 3.3.0 , < 3.3.17 (custom) Affected: 3.4.0 , < 3.4.15 (custom) Affected: 3.5.0 , < 3.5.12 (custom) Affected: 4.0.0 , < 4.0.6 (custom) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spring Data Commons",
"vendor": "Spring",
"versions": [
{
"lessThan": "2.7.20",
"status": "affected",
"version": "2.7.0",
"versionType": "custom"
},
{
"lessThan": "3.3.17",
"status": "affected",
"version": "3.3.0",
"versionType": "custom"
},
{
"lessThan": "3.4.15",
"status": "affected",
"version": "3.4.0",
"versionType": "custom"
},
{
"lessThan": "3.5.12",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
},
{
"lessThan": "4.0.6",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Spring Data\u0027s internal property-lookup cache accepts and permanently retains attacker-supplied strings as cache keys, allowing heap exhaustion through repeated requests.\n\nAffected versions:\nSpring Data Commons 2.7.0 through 2.7.19; 3.3.0 through 3.3.16; 3.4.0 through 3.4.14; 3.5.0 through 3.5.11; 4.0.0 through 4.0.5."
}
],
"value": "Spring Data\u0027s internal property-lookup cache accepts and permanently retains attacker-supplied strings as cache keys, allowing heap exhaustion through repeated requests.\n\nAffected versions:\nSpring Data Commons 2.7.0 through 2.7.19; 3.3.0 through 3.3.16; 3.4.0 through 3.4.14; 3.5.0 through 3.5.11; 4.0.0 through 4.0.5."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "An attacker who can forward HTTP-supplied strings to PropertyPath.from can permanently grow the internal property-lookup cache without bound, exhausting heap memory and causing denial of service."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T23:48:20.282Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2026-41716"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Spring Data web support unbounded negative-result cache keyed on attacker-supplied property names",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2026-41716",
"datePublished": "2026-06-09T23:48:20.282Z",
"dateReserved": "2026-04-22T06:21:37.020Z",
"dateUpdated": "2026-06-09T23:48:20.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41711 (GCVE-0-2026-41711)
Vulnerability from nvd – Published: 2026-06-09 23:48 – Updated: 2026-06-09 23:48
VLAI
Title
Potential Denial of Service through crafted Sort Parameters
Summary
Applications using Spring Data Commons may be vulnerable to a Denial of Service (DoS) attack leading to a StackOverflowException when parsing Sort parameters.
Affected versions:
Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 through 3.0.15; 2.7.0 through 2.7.19.
Severity
5.9 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Spring | Spring Data Commons |
Affected:
4.0.0 , < 4.0.6
(custom)
Affected: 3.5.0 , < 3.5.12 (custom) Affected: 3.4.0 , < 3.4.15 (custom) Affected: 3.3.0 , < 3.3.17 (custom) Affected: 3.2.0 , < 3.2.16 (custom) Affected: 3.1.0 , < 3.1.15 (custom) Affected: 3.0.0 , < 3.0.16 (custom) Affected: 2.7.0 , < 2.7.20 (custom) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spring Data Commons",
"vendor": "Spring",
"versions": [
{
"lessThan": "4.0.6",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
},
{
"lessThan": "3.5.12",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
},
{
"lessThan": "3.4.15",
"status": "affected",
"version": "3.4.0",
"versionType": "custom"
},
{
"lessThan": "3.3.17",
"status": "affected",
"version": "3.3.0",
"versionType": "custom"
},
{
"lessThan": "3.2.16",
"status": "affected",
"version": "3.2.0",
"versionType": "custom"
},
{
"lessThan": "3.1.15",
"status": "affected",
"version": "3.1.0",
"versionType": "custom"
},
{
"lessThan": "3.0.16",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
},
{
"lessThan": "2.7.20",
"status": "affected",
"version": "2.7.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Applications using Spring Data Commons may be vulnerable to a Denial of Service (DoS) attack leading to a StackOverflowException when parsing Sort parameters.\n\nAffected versions:\nSpring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 through 3.0.15; 2.7.0 through 2.7.19."
}
],
"value": "Applications using Spring Data Commons may be vulnerable to a Denial of Service (DoS) attack leading to a StackOverflowException when parsing Sort parameters.\n\nAffected versions:\nSpring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 through 3.0.15; 2.7.0 through 2.7.19."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "An attacker who can supply crafted Sort parameters to an exposed Spring Data Commons endpoint can trigger a StackOverflowException, causing denial of service."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T23:48:12.215Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2026-41711"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential Denial of Service through crafted Sort Parameters",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2026-41711",
"datePublished": "2026-06-09T23:48:12.215Z",
"dateReserved": "2026-04-22T06:21:34.490Z",
"dateUpdated": "2026-06-09T23:48:12.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41695 (GCVE-0-2026-41695)
Vulnerability from nvd – Published: 2026-06-09 23:47 – Updated: 2026-06-09 23:47
VLAI
Title
Denial of Service in Spring Data Commons Property Path Resolution
Summary
Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolution.
Affected versions:
Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14.
Severity
7.5 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Spring | Spring Data Commons |
Affected:
4.0.0 , < 4.0.6
(custom)
Affected: 3.5.0 , < 3.5.12 (custom) Affected: 3.4.0 , < 3.4.15 (custom) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spring Data Commons",
"vendor": "Spring",
"versions": [
{
"lessThan": "4.0.6",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
},
{
"lessThan": "3.5.12",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
},
{
"lessThan": "3.4.15",
"status": "affected",
"version": "3.4.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolution.\n\nAffected versions:\nSpring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14."
}
],
"value": "Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolution.\n\nAffected versions:\nSpring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "An attacker who can supply attacker-controlled property path strings to MappingContext property path resolution can trigger resource exhaustion and denial of service."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T23:47:33.927Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2026-41695"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Denial of Service in Spring Data Commons Property Path Resolution",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2026-41695",
"datePublished": "2026-06-09T23:47:33.927Z",
"dateReserved": "2026-04-22T06:21:22.981Z",
"dateUpdated": "2026-06-09T23:47:33.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41721 (GCVE-0-2026-41721)
Vulnerability from cvelistv5 – Published: 2026-06-09 23:48 – Updated: 2026-06-09 23:48
VLAI
Title
Spring Data Commons Denial of Service via Data Binding
Summary
Spring Data Commons contains a vulnerability that can lead to a Denial of Service (DoS) condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload, when an attacker sends a specially crafted HTTP request that causes the application to allocate lots of memory.
Affected versions:
Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 through 3.0.15; 2.7.0 through 2.7.19.
Severity
5.9 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Spring | Spring Data Commons |
Affected:
4.0.0 , < 4.0.6
(custom)
Affected: 3.5.0 , < 3.5.12 (custom) Affected: 3.4.0 , < 3.4.15 (custom) Affected: 3.3.0 , < 3.3.17 (custom) Affected: 3.2.0 , < 3.2.16 (custom) Affected: 3.1.0 , < 3.1.15 (custom) Affected: 3.0.0 , < 3.0.16 (custom) Affected: 2.7.0 , < 2.7.20 (custom) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spring Data Commons",
"vendor": "Spring",
"versions": [
{
"lessThan": "4.0.6",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
},
{
"lessThan": "3.5.12",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
},
{
"lessThan": "3.4.15",
"status": "affected",
"version": "3.4.0",
"versionType": "custom"
},
{
"lessThan": "3.3.17",
"status": "affected",
"version": "3.3.0",
"versionType": "custom"
},
{
"lessThan": "3.2.16",
"status": "affected",
"version": "3.2.0",
"versionType": "custom"
},
{
"lessThan": "3.1.15",
"status": "affected",
"version": "3.1.0",
"versionType": "custom"
},
{
"lessThan": "3.0.16",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
},
{
"lessThan": "2.7.20",
"status": "affected",
"version": "2.7.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Spring Data Commons contains a vulnerability that can lead to a Denial of Service (DoS) condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload, when an attacker sends a specially crafted HTTP request that causes the application to allocate lots of memory.\n\nAffected versions:\nSpring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 through 3.0.15; 2.7.0 through 2.7.19."
}
],
"value": "Spring Data Commons contains a vulnerability that can lead to a Denial of Service (DoS) condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload, when an attacker sends a specially crafted HTTP request that causes the application to allocate lots of memory.\n\nAffected versions:\nSpring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 through 3.0.15; 2.7.0 through 2.7.19."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "An attacker can send a specially crafted HTTP request to a Spring Data Web @ProjectedPayload endpoint to cause excessive memory allocation and denial of service."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T23:48:47.132Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2026-41721"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Spring Data Commons Denial of Service via Data Binding",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2026-41721",
"datePublished": "2026-06-09T23:48:47.132Z",
"dateReserved": "2026-04-22T06:21:37.021Z",
"dateUpdated": "2026-06-09T23:48:47.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41716 (GCVE-0-2026-41716)
Vulnerability from cvelistv5 – Published: 2026-06-09 23:48 – Updated: 2026-06-09 23:48
VLAI
Title
Spring Data web support unbounded negative-result cache keyed on attacker-supplied property names
Summary
Spring Data's internal property-lookup cache accepts and permanently retains attacker-supplied strings as cache keys, allowing heap exhaustion through repeated requests.
Affected versions:
Spring Data Commons 2.7.0 through 2.7.19; 3.3.0 through 3.3.16; 3.4.0 through 3.4.14; 3.5.0 through 3.5.11; 4.0.0 through 4.0.5.
Severity
7.5 (High)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Spring | Spring Data Commons |
Affected:
2.7.0 , < 2.7.20
(custom)
Affected: 3.3.0 , < 3.3.17 (custom) Affected: 3.4.0 , < 3.4.15 (custom) Affected: 3.5.0 , < 3.5.12 (custom) Affected: 4.0.0 , < 4.0.6 (custom) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spring Data Commons",
"vendor": "Spring",
"versions": [
{
"lessThan": "2.7.20",
"status": "affected",
"version": "2.7.0",
"versionType": "custom"
},
{
"lessThan": "3.3.17",
"status": "affected",
"version": "3.3.0",
"versionType": "custom"
},
{
"lessThan": "3.4.15",
"status": "affected",
"version": "3.4.0",
"versionType": "custom"
},
{
"lessThan": "3.5.12",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
},
{
"lessThan": "4.0.6",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Spring Data\u0027s internal property-lookup cache accepts and permanently retains attacker-supplied strings as cache keys, allowing heap exhaustion through repeated requests.\n\nAffected versions:\nSpring Data Commons 2.7.0 through 2.7.19; 3.3.0 through 3.3.16; 3.4.0 through 3.4.14; 3.5.0 through 3.5.11; 4.0.0 through 4.0.5."
}
],
"value": "Spring Data\u0027s internal property-lookup cache accepts and permanently retains attacker-supplied strings as cache keys, allowing heap exhaustion through repeated requests.\n\nAffected versions:\nSpring Data Commons 2.7.0 through 2.7.19; 3.3.0 through 3.3.16; 3.4.0 through 3.4.14; 3.5.0 through 3.5.11; 4.0.0 through 4.0.5."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "An attacker who can forward HTTP-supplied strings to PropertyPath.from can permanently grow the internal property-lookup cache without bound, exhausting heap memory and causing denial of service."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T23:48:20.282Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2026-41716"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Spring Data web support unbounded negative-result cache keyed on attacker-supplied property names",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2026-41716",
"datePublished": "2026-06-09T23:48:20.282Z",
"dateReserved": "2026-04-22T06:21:37.020Z",
"dateUpdated": "2026-06-09T23:48:20.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41711 (GCVE-0-2026-41711)
Vulnerability from cvelistv5 – Published: 2026-06-09 23:48 – Updated: 2026-06-09 23:48
VLAI
Title
Potential Denial of Service through crafted Sort Parameters
Summary
Applications using Spring Data Commons may be vulnerable to a Denial of Service (DoS) attack leading to a StackOverflowException when parsing Sort parameters.
Affected versions:
Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 through 3.0.15; 2.7.0 through 2.7.19.
Severity
5.9 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Spring | Spring Data Commons |
Affected:
4.0.0 , < 4.0.6
(custom)
Affected: 3.5.0 , < 3.5.12 (custom) Affected: 3.4.0 , < 3.4.15 (custom) Affected: 3.3.0 , < 3.3.17 (custom) Affected: 3.2.0 , < 3.2.16 (custom) Affected: 3.1.0 , < 3.1.15 (custom) Affected: 3.0.0 , < 3.0.16 (custom) Affected: 2.7.0 , < 2.7.20 (custom) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spring Data Commons",
"vendor": "Spring",
"versions": [
{
"lessThan": "4.0.6",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
},
{
"lessThan": "3.5.12",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
},
{
"lessThan": "3.4.15",
"status": "affected",
"version": "3.4.0",
"versionType": "custom"
},
{
"lessThan": "3.3.17",
"status": "affected",
"version": "3.3.0",
"versionType": "custom"
},
{
"lessThan": "3.2.16",
"status": "affected",
"version": "3.2.0",
"versionType": "custom"
},
{
"lessThan": "3.1.15",
"status": "affected",
"version": "3.1.0",
"versionType": "custom"
},
{
"lessThan": "3.0.16",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
},
{
"lessThan": "2.7.20",
"status": "affected",
"version": "2.7.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Applications using Spring Data Commons may be vulnerable to a Denial of Service (DoS) attack leading to a StackOverflowException when parsing Sort parameters.\n\nAffected versions:\nSpring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 through 3.0.15; 2.7.0 through 2.7.19."
}
],
"value": "Applications using Spring Data Commons may be vulnerable to a Denial of Service (DoS) attack leading to a StackOverflowException when parsing Sort parameters.\n\nAffected versions:\nSpring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 through 3.0.15; 2.7.0 through 2.7.19."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "An attacker who can supply crafted Sort parameters to an exposed Spring Data Commons endpoint can trigger a StackOverflowException, causing denial of service."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T23:48:12.215Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2026-41711"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential Denial of Service through crafted Sort Parameters",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2026-41711",
"datePublished": "2026-06-09T23:48:12.215Z",
"dateReserved": "2026-04-22T06:21:34.490Z",
"dateUpdated": "2026-06-09T23:48:12.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41695 (GCVE-0-2026-41695)
Vulnerability from cvelistv5 – Published: 2026-06-09 23:47 – Updated: 2026-06-09 23:47
VLAI
Title
Denial of Service in Spring Data Commons Property Path Resolution
Summary
Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolution.
Affected versions:
Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14.
Severity
7.5 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Spring | Spring Data Commons |
Affected:
4.0.0 , < 4.0.6
(custom)
Affected: 3.5.0 , < 3.5.12 (custom) Affected: 3.4.0 , < 3.4.15 (custom) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spring Data Commons",
"vendor": "Spring",
"versions": [
{
"lessThan": "4.0.6",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
},
{
"lessThan": "3.5.12",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
},
{
"lessThan": "3.4.15",
"status": "affected",
"version": "3.4.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolution.\n\nAffected versions:\nSpring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14."
}
],
"value": "Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolution.\n\nAffected versions:\nSpring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "An attacker who can supply attacker-controlled property path strings to MappingContext property path resolution can trigger resource exhaustion and denial of service."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T23:47:33.927Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2026-41695"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Denial of Service in Spring Data Commons Property Path Resolution",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2026-41695",
"datePublished": "2026-06-09T23:47:33.927Z",
"dateReserved": "2026-04-22T06:21:22.981Z",
"dateUpdated": "2026-06-09T23:47:33.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}