Spring Security: 5.2.15 → 5.7.24
VMware · upgrade impact
Fixed by upgrading to 5.7.24
Vulnerabilities that affect 5.2.15 but no longer affect 5.7.24: the security gain from this upgrade, by exploited status then exploitation probability.
Exploited first, then by exploitation probability (EPSS).
CVE-2022-22978 CRITICAL EPSS 10% ✓ cleared in 5.7.24
CVE-2022-22976 MEDIUM EPSS 2% ✓ cleared in 5.7.24
CVE-2026-22732 CRITICAL EPSS 0% ✓ cleared in 5.7.24
CVE-2026-22746 LOW EPSS 0% ✓ cleared in 5.7.24

Still open in 5.7.24
Known vulnerabilities that affect 5.7.24 too; upgrading to it does not clear these.
These affect 5.7.24 as well — a later release may be needed.
CVE-2026-22748 MEDIUM EPSS 0% → fixed in 7.0.5