Spring Framework: 5.3.39 → 6.0.18
VMware · upgrade impact

Fixed by upgrading to 6.0.18
Vulnerabilities that affect 5.3.39 but no longer affect 6.0.18 (the security gain from this upgrade), ordered by exploited status, then exploitation probability.
Exploited first, then by exploitation probability (EPSS).
CVE-2016-1000027 CRITICAL EPSS 60% ✓ cleared in 6.0.18
CVE-2026-22737 MEDIUM EPSS 0% ✓ cleared in 6.0.18
CVE-2026-22735 LOW EPSS 0% ✓ cleared in 6.0.18
CVE-2026-22741 LOW EPSS 0% ✓ cleared in 6.0.18
CVE-2026-22745 MEDIUM EPSS 0% ✓ cleared in 6.0.18
CVE-2026-22740 MEDIUM EPSS 0% ✓ cleared in 6.0.18
CVE-2026-41843 MEDIUM EPSS 0% ✓ cleared in 6.0.18
CVE-2026-41842 HIGH EPSS 0% ✓ cleared in 6.0.18
CVE-2026-41849 HIGH EPSS 0% ✓ cleared in 6.0.18
CVE-2026-41840 MEDIUM EPSS 0% ✓ cleared in 6.0.18
CVE-2026-41841 MEDIUM EPSS 0% ✓ cleared in 6.0.18
CVE-2026-41850 HIGH EPSS 0% ✓ cleared in 6.0.18
CVE-2026-41851 MEDIUM EPSS 0% ✓ cleared in 6.0.18

Still open in 6.0.18
Known vulnerabilities that affect 6.0.18 too; upgrading to it does not clear these.
These affect 6.0.18 as well — a later release may be needed.
CVE-2024-38820 LOW EPSS 1% → fixed in 6.1.14