VDB

CVE-2021-22096

CVE-2021-22096 PUBLISHED

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.

EPSS 0.22% · 44.8th percentile

Risk Scores

EPSS Score
0.22%
44.8th percentile

Affected Products

VendorProductVersions
Ubuntu:Pro:24.04:LTSlibspring-java0, 4.3.30-2ubuntu0.24.04.1~esm1, 4.3.30-2
Ubuntu:Pro:18.04:LTSlibspring-java*, 0, 4.3.11-1
Ubuntu:Pro:16.04:LTSlibspring-java3.2.13-5ubuntu0.1~esm1, 3.2.13-5, 3.2.13-4
Ubuntu:Pro:22.04:LTSlibspring-java0, 4.3.30-1, *
Ubuntu:25.10libspring-java4.3.30-2ubuntu1, 4.3.30-3ubuntu1, 0
Ubuntu:Pro:20.04:LTSlibspring-java4.3.22-4, 4.3.22-4ubuntu0.1~esm1, 0
Ubuntu:Pro:14.04:LTSlibspring-java3.0.6.RELEASE-13ubuntu0.1~esm1, 3.0.6.RELEASE-13, *

Timeline

  • CVE Published
  • Oct 29, 2021 EPSS Score
  • Dec 24, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 18, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • Apr 15, 2022 EPSS Score
  • Jun 10, 2022 EPSS Score
  • Aug 6, 2022 EPSS Score
  • Nov 26, 2022 EPSS Score
  • Jan 21, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›