Spring Framework: 4.3.30 → 6.0.18
VMware · upgrade impact
Fixed by upgrading to 6.0.18
Vulnerabilities that affect 4.3.30 but no longer affect 6.0.18 — the security gain from this upgrade, by exploited status then exploitation probability.
Exploited first, then by exploitation probability (EPSS).
CVE-2022-22965 CRITICAL ● exploited EPSS 94% ✓ cleared in 6.0.18
CVE-2016-1000027 CRITICAL EPSS 60% ✓ cleared in 6.0.18
CVE-2024-22259 HIGH EPSS 56% ✓ cleared in 6.0.18
CVE-2022-22968 MEDIUM EPSS 21% ✓ cleared in 6.0.18
CVE-2022-22950 MEDIUM EPSS 2% ✓ cleared in 6.0.18
CVE-2023-20861 MEDIUM EPSS 1% ✓ cleared in 6.0.18
CVE-2022-22970 MEDIUM EPSS 0% ✓ cleared in 6.0.18
CVE-2026-22737 MEDIUM EPSS 0% ✓ cleared in 6.0.18
CVE-2026-22735 LOW EPSS 0% ✓ cleared in 6.0.18
CVE-2026-22741 LOW EPSS 0% ✓ cleared in 6.0.18
CVE-2026-22745 MEDIUM EPSS 0% ✓ cleared in 6.0.18
CVE-2026-22740 MEDIUM EPSS 0% ✓ cleared in 6.0.18

Still open in 6.0.18
Known vulnerabilities that affect 6.0.18 too — upgrading to it does not clear these.
These affect 6.0.18 as well — a later release may be needed.
CVE-2024-38820 LOW EPSS 1% → fixed in 6.1.14