VDB

GHSA-wwpq-f5c3-7hvx

GHSA-wwpq-f5c3-7hvx PUBLISHED CVSS 7 HIGH

Spring Boot accepts predictable temp directory without ownership verification

Risk Scores

CVSS 3.1
7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Mavenorg.springframework.boot:spring-boot4.0.0, 3.5.0, 3.4.0

Timeline

  • Apr 28, 2026 CVE Published
  • May 7, 2026 Security Advisory
  • May 8, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›