chore(release): bump version to 0.2.0 #24

Triggered via push January 30, 2026 01:26
Status Failure
Total duration 20s

ci.yml

on: push

Annotations

11 errors, 69 warnings, and 67 notices
build
Process completed with exit code 1.
Vulnerable declared dependency: bottin-spring-boot-starter/pom.xml#L36
Provides transitive vulnerable dependency maven:org.springframework.security:spring-security-core:6.4.2 * [CVE-2025-41232](https://www.mend.io/vulnerability-database/CVE-2025-41232?utm_source=Jetbrains) 9.1 CVE-2025-41232: Spring Security authorization bypass for method security annotations on private methods * [CVE-2025-41248](https://www.mend.io/vulnerability-database/CVE-2025-41248?utm_source=Jetbrains) 7.5 CVE-2025-41248: Spring Security authorization bypass for method security annotations on parameterized types * [CVE-2025-22223](https://www.mend.io/vulnerability-database/CVE-2025-22223?utm_source=JetBrains) 5.3 Insufficient Information Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-admin-ui/pom.xml#L64
Provides transitive vulnerable dependency maven:org.springframework.security:spring-security-core:6.4.2 * [CVE-2025-41232](https://www.mend.io/vulnerability-database/CVE-2025-41232?utm_source=Jetbrains) 9.1 CVE-2025-41232: Spring Security authorization bypass for method security annotations on private methods * [CVE-2025-41248](https://www.mend.io/vulnerability-database/CVE-2025-41248?utm_source=Jetbrains) 7.5 CVE-2025-41248: Spring Security authorization bypass for method security annotations on parameterized types * [CVE-2025-22223](https://www.mend.io/vulnerability-database/CVE-2025-22223?utm_source=JetBrains) 5.3 Insufficient Information Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-tests/bottin-e2e/pom.xml#L36
Provides transitive vulnerable dependency maven:org.apache.tomcat.embed:tomcat-embed-core:10.1.34 * [CVE-2025-24813](https://www.mend.io/vulnerability-database/CVE-2025-24813?utm_source=Jetbrains) 9.8 Insufficient Information * [CVE-2025-31651](https://www.mend.io/vulnerability-database/CVE-2025-31651?utm_source=Jetbrains) 9.8 Insufficient Information * [CVE-2025-55754](https://www.mend.io/vulnerability-database/CVE-2025-55754?utm_source=Jetbrains) 9.6 Insufficient Information * [CVE-2025-55752](https://www.mend.io/vulnerability-database/CVE-2025-55752?utm_source=Jetbrains) 7.5 Insufficient Information * [CVE-2025-31650](https://www.mend.io/vulnerability-database/CVE-2025-31650?utm_source=Jetbrains) 7.5 Insufficient Information * [CVE-2025-48989](https://www.mend.io/vulnerability-database/CVE-2025-48989?utm_source=Jetbrains) 7.5 Insufficient Information * [CVE-2025-48988](https://www.mend.io/vulnerability-database/CVE-2025-48988?utm_source=Jetbrains) 7.5 Insufficient Information * [CVE-2025-48976](https://www.mend.io/vulnerability-database/CVE-2025-48976?utm_source=Jetbrains) 7.5 Insufficient Information * [CVE-2025-49125](https://www.mend.io/vulnerability-database/CVE-2025-49125?utm_source=Jetbrains) 6.5 Insufficient Information * [CVE-2025-46701](https://www.mend.io/vulnerability-database/CVE-2025-46701?utm_source=Jetbrains) 6.5 Insufficient Information Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-spring-boot-starter/pom.xml#L36
Provides transitive vulnerable dependency maven:org.apache.tomcat.embed:tomcat-embed-core:10.1.34 * [CVE-2025-24813](https://www.mend.io/vulnerability-database/CVE-2025-24813?utm_source=Jetbrains) 9.8 Insufficient Information * [CVE-2025-31651](https://www.mend.io/vulnerability-database/CVE-2025-31651?utm_source=Jetbrains) 9.8 Insufficient Information * [CVE-2025-55754](https://www.mend.io/vulnerability-database/CVE-2025-55754?utm_source=Jetbrains) 9.6 Insufficient Information * [CVE-2025-55752](https://www.mend.io/vulnerability-database/CVE-2025-55752?utm_source=Jetbrains) 7.5 Insufficient Information * [CVE-2025-31650](https://www.mend.io/vulnerability-database/CVE-2025-31650?utm_source=Jetbrains) 7.5 Insufficient Information * [CVE-2025-48989](https://www.mend.io/vulnerability-database/CVE-2025-48989?utm_source=Jetbrains) 7.5 Insufficient Information * [CVE-2025-48988](https://www.mend.io/vulnerability-database/CVE-2025-48988?utm_source=Jetbrains) 7.5 Insufficient Information * [CVE-2025-48976](https://www.mend.io/vulnerability-database/CVE-2025-48976?utm_source=Jetbrains) 7.5 Insufficient Information * [CVE-2025-49125](https://www.mend.io/vulnerability-database/CVE-2025-49125?utm_source=Jetbrains) 6.5 Insufficient Information * [CVE-2025-46701](https://www.mend.io/vulnerability-database/CVE-2025-46701?utm_source=Jetbrains) 6.5 Insufficient Information Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-tests/bottin-it/pom.xml#L36
Provides transitive vulnerable dependency maven:org.springframework.security:spring-security-core:6.4.2 * [CVE-2025-41232](https://www.mend.io/vulnerability-database/CVE-2025-41232?utm_source=Jetbrains) 9.1 CVE-2025-41232: Spring Security authorization bypass for method security annotations on private methods * [CVE-2025-41248](https://www.mend.io/vulnerability-database/CVE-2025-41248?utm_source=Jetbrains) 7.5 CVE-2025-41248: Spring Security authorization bypass for method security annotations on parameterized types * [CVE-2025-22223](https://www.mend.io/vulnerability-database/CVE-2025-22223?utm_source=JetBrains) 5.3 Insufficient Information Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-tests/bottin-e2e/pom.xml#L36
Provides transitive vulnerable dependency maven:org.springframework.security:spring-security-core:6.4.2 * [CVE-2025-41232](https://www.mend.io/vulnerability-database/CVE-2025-41232?utm_source=Jetbrains) 9.1 CVE-2025-41232: Spring Security authorization bypass for method security annotations on private methods * [CVE-2025-41248](https://www.mend.io/vulnerability-database/CVE-2025-41248?utm_source=Jetbrains) 7.5 CVE-2025-41248: Spring Security authorization bypass for method security annotations on parameterized types * [CVE-2025-22223](https://www.mend.io/vulnerability-database/CVE-2025-22223?utm_source=JetBrains) 5.3 Insufficient Information Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-web/pom.xml#L54
Provides transitive vulnerable dependency maven:org.springframework.security:spring-security-core:6.4.2 * [CVE-2025-41232](https://www.mend.io/vulnerability-database/CVE-2025-41232?utm_source=Jetbrains) 9.1 CVE-2025-41232: Spring Security authorization bypass for method security annotations on private methods * [CVE-2025-41248](https://www.mend.io/vulnerability-database/CVE-2025-41248?utm_source=Jetbrains) 7.5 CVE-2025-41248: Spring Security authorization bypass for method security annotations on parameterized types * [CVE-2025-22223](https://www.mend.io/vulnerability-database/CVE-2025-22223?utm_source=JetBrains) 5.3 Insufficient Information Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-admin-ui/pom.xml#L38
Provides transitive vulnerable dependency maven:org.apache.tomcat.embed:tomcat-embed-core:10.1.34 * [CVE-2025-24813](https://www.mend.io/vulnerability-database/CVE-2025-24813?utm_source=Jetbrains) 9.8 Insufficient Information * [CVE-2025-31651](https://www.mend.io/vulnerability-database/CVE-2025-31651?utm_source=Jetbrains) 9.8 Insufficient Information * [CVE-2025-55754](https://www.mend.io/vulnerability-database/CVE-2025-55754?utm_source=Jetbrains) 9.6 Insufficient Information * [CVE-2025-55752](https://www.mend.io/vulnerability-database/CVE-2025-55752?utm_source=Jetbrains) 7.5 Insufficient Information * [CVE-2025-31650](https://www.mend.io/vulnerability-database/CVE-2025-31650?utm_source=Jetbrains) 7.5 Insufficient Information * [CVE-2025-48989](https://www.mend.io/vulnerability-database/CVE-2025-48989?utm_source=Jetbrains) 7.5 Insufficient Information * [CVE-2025-48988](https://www.mend.io/vulnerability-database/CVE-2025-48988?utm_source=Jetbrains) 7.5 Insufficient Information * [CVE-2025-48976](https://www.mend.io/vulnerability-database/CVE-2025-48976?utm_source=Jetbrains) 7.5 Insufficient Information * [CVE-2025-49125](https://www.mend.io/vulnerability-database/CVE-2025-49125?utm_source=Jetbrains) 6.5 Insufficient Information * [CVE-2025-46701](https://www.mend.io/vulnerability-database/CVE-2025-46701?utm_source=Jetbrains) 6.5 Insufficient Information Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-web/pom.xml#L38
Provides transitive vulnerable dependency maven:org.apache.tomcat.embed:tomcat-embed-core:10.1.34 * [CVE-2025-24813](https://www.mend.io/vulnerability-database/CVE-2025-24813?utm_source=Jetbrains) 9.8 Insufficient Information * [CVE-2025-31651](https://www.mend.io/vulnerability-database/CVE-2025-31651?utm_source=Jetbrains) 9.8 Insufficient Information * [CVE-2025-55754](https://www.mend.io/vulnerability-database/CVE-2025-55754?utm_source=Jetbrains) 9.6 Insufficient Information * [CVE-2025-55752](https://www.mend.io/vulnerability-database/CVE-2025-55752?utm_source=Jetbrains) 7.5 Insufficient Information * [CVE-2025-31650](https://www.mend.io/vulnerability-database/CVE-2025-31650?utm_source=Jetbrains) 7.5 Insufficient Information * [CVE-2025-48989](https://www.mend.io/vulnerability-database/CVE-2025-48989?utm_source=Jetbrains) 7.5 Insufficient Information * [CVE-2025-48988](https://www.mend.io/vulnerability-database/CVE-2025-48988?utm_source=Jetbrains) 7.5 Insufficient Information * [CVE-2025-48976](https://www.mend.io/vulnerability-database/CVE-2025-48976?utm_source=Jetbrains) 7.5 Insufficient Information * [CVE-2025-49125](https://www.mend.io/vulnerability-database/CVE-2025-49125?utm_source=Jetbrains) 6.5 Insufficient Information * [CVE-2025-46701](https://www.mend.io/vulnerability-database/CVE-2025-46701?utm_source=Jetbrains) 6.5 Insufficient Information Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-tests/bottin-it/pom.xml#L36
Provides transitive vulnerable dependency maven:org.apache.tomcat.embed:tomcat-embed-core:10.1.34 * [CVE-2025-24813](https://www.mend.io/vulnerability-database/CVE-2025-24813?utm_source=Jetbrains) 9.8 Insufficient Information * [CVE-2025-31651](https://www.mend.io/vulnerability-database/CVE-2025-31651?utm_source=Jetbrains) 9.8 Insufficient Information * [CVE-2025-55754](https://www.mend.io/vulnerability-database/CVE-2025-55754?utm_source=Jetbrains) 9.6 Insufficient Information * [CVE-2025-55752](https://www.mend.io/vulnerability-database/CVE-2025-55752?utm_source=Jetbrains) 7.5 Insufficient Information * [CVE-2025-31650](https://www.mend.io/vulnerability-database/CVE-2025-31650?utm_source=Jetbrains) 7.5 Insufficient Information * [CVE-2025-48989](https://www.mend.io/vulnerability-database/CVE-2025-48989?utm_source=Jetbrains) 7.5 Insufficient Information * [CVE-2025-48988](https://www.mend.io/vulnerability-database/CVE-2025-48988?utm_source=Jetbrains) 7.5 Insufficient Information * [CVE-2025-48976](https://www.mend.io/vulnerability-database/CVE-2025-48976?utm_source=Jetbrains) 7.5 Insufficient Information * [CVE-2025-49125](https://www.mend.io/vulnerability-database/CVE-2025-49125?utm_source=Jetbrains) 6.5 Insufficient Information * [CVE-2025-46701](https://www.mend.io/vulnerability-database/CVE-2025-46701?utm_source=Jetbrains) 6.5 Insufficient Information Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
build
This action is being deprecated in favor of 'codecov-action'. Please update CI accordingly to use 'codecov-action@v5' with 'report_type: test_results'. The 'codecov-action' should and can be run at least once for coverage and once for test results
Vulnerable declared dependency: bottin-spring-boot-starter/pom.xml#L32
Provides transitive vulnerable dependency maven:io.netty:netty-codec-http:4.1.116.Final * [CVE-2025-58057](https://www.mend.io/vulnerability-database/CVE-2025-58057?utm_source=Jetbrains) 7.5 Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack * [CVE-2025-58056](https://www.mend.io/vulnerability-database/CVE-2025-58056?utm_source=Jetbrains) 7.5 Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions * [CVE-2025-67735](https://www.mend.io/vulnerability-database/CVE-2025-67735?utm_source=Jetbrains) 6.5 Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-tests/bottin-it/pom.xml#L36
Provides transitive vulnerable dependency maven:org.springframework.security:spring-security-crypto:6.4.2 * [CVE-2025-22228](https://www.mend.io/vulnerability-database/CVE-2025-22228?utm_source=JetBrains) 7.4 CVE-2025-22228: Spring Security BCryptPasswordEncoder does not enforce maximum password length Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-admin-ui/pom.xml#L32
Provides transitive vulnerable dependency maven:io.netty:netty-codec-http2:4.1.116.Final * [CVE-2025-55163](https://www.mend.io/vulnerability-database/CVE-2025-55163?utm_source=Jetbrains) 7.5 Netty MadeYouReset HTTP/2 DDoS Vulnerability * [CVE-2025-58057](https://www.mend.io/vulnerability-database/CVE-2025-58057?utm_source=Jetbrains) 7.5 Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-verification/pom.xml#L81
Provides transitive vulnerable dependency maven:net.minidev:json-smart:2.5.1 * [CVE-2024-57699](https://www.mend.io/vulnerability-database/CVE-2024-57699?utm_source=JetBrains) 7.5 Insufficient Information Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-spring-boot-starter/pom.xml#L32
Provides transitive vulnerable dependency maven:io.netty:netty-handler:4.1.116.Final * [CVE-2025-24970](https://www.mend.io/vulnerability-database/CVE-2025-24970?utm_source=JetBrains) 7.5 SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-service/pom.xml#L59
Provides transitive vulnerable dependency maven:org.assertj:assertj-core:3.25.3 * [CVE-2026-24400](https://www.mend.io/vulnerability-database/CVE-2026-24400?utm_source=Jetbrains) 7.3 AssertJ has XML External Entity (XXE) vulnerability when parsing untrusted XML via isXmlEqualTo assertion Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-web/pom.xml#L89
Provides transitive vulnerable dependency maven:net.minidev:json-smart:2.5.1 * [CVE-2024-57699](https://www.mend.io/vulnerability-database/CVE-2024-57699?utm_source=JetBrains) 7.5 Insufficient Information Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-verification/pom.xml#L46
Provides transitive vulnerable dependency maven:io.netty:netty-codec-http2:4.1.116.Final * [CVE-2025-55163](https://www.mend.io/vulnerability-database/CVE-2025-55163?utm_source=Jetbrains) 7.5 Netty MadeYouReset HTTP/2 DDoS Vulnerability * [CVE-2025-58057](https://www.mend.io/vulnerability-database/CVE-2025-58057?utm_source=Jetbrains) 7.5 Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-tests/bottin-e2e/pom.xml#L65
Provides transitive vulnerable dependency maven:org.apache.commons:commons-compress:1.24.0 * [CVE-2024-25710](https://www.mend.io/vulnerability-database/CVE-2024-25710?utm_source=JetBrains) 8.1 Loop with Unreachable Exit Condition ('Infinite Loop') * [CVE-2024-26308](https://www.mend.io/vulnerability-database/CVE-2024-26308?utm_source=JetBrains) 5.5 Allocation of Resources Without Limits or Throttling Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-web/pom.xml#L32
Provides transitive vulnerable dependency maven:io.netty:netty-codec:4.1.116.Final * [CVE-2025-58057](https://www.mend.io/vulnerability-database/CVE-2025-58057?utm_source=Jetbrains) 7.5 Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-tests/bottin-it/pom.xml#L46
Provides transitive vulnerable dependency maven:net.minidev:json-smart:2.5.1 * [CVE-2024-57699](https://www.mend.io/vulnerability-database/CVE-2024-57699?utm_source=JetBrains) 7.5 Insufficient Information Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-admin-ui/pom.xml#L32
Provides transitive vulnerable dependency maven:io.netty:netty-codec:4.1.116.Final * [CVE-2025-58057](https://www.mend.io/vulnerability-database/CVE-2025-58057?utm_source=Jetbrains) 7.5 Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-tests/bottin-e2e/pom.xml#L53
Provides transitive vulnerable dependency maven:net.minidev:json-smart:2.5.1 * [CVE-2024-57699](https://www.mend.io/vulnerability-database/CVE-2024-57699?utm_source=JetBrains) 7.5 Insufficient Information Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-spring-boot-starter/pom.xml#L32
Provides transitive vulnerable dependency maven:io.netty:netty-codec:4.1.116.Final * [CVE-2025-58057](https://www.mend.io/vulnerability-database/CVE-2025-58057?utm_source=Jetbrains) 7.5 Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-admin-ui/pom.xml#L117
Provides transitive vulnerable dependency maven:org.springframework.security:spring-security-crypto:6.4.2 * [CVE-2025-22228](https://www.mend.io/vulnerability-database/CVE-2025-22228?utm_source=JetBrains) 7.4 CVE-2025-22228: Spring Security BCryptPasswordEncoder does not enforce maximum password length Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-persistence/pom.xml#L71
Provides transitive vulnerable dependency maven:net.minidev:json-smart:2.5.1 * [CVE-2024-57699](https://www.mend.io/vulnerability-database/CVE-2024-57699?utm_source=JetBrains) 7.5 Insufficient Information Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-tests/bottin-e2e/pom.xml#L36
Provides transitive vulnerable dependency maven:org.springframework.boot:spring-boot-actuator-autoconfigure:3.4.1 * [CVE-2025-22235](https://www.mend.io/vulnerability-database/CVE-2025-22235?utm_source=Jetbrains) 7.3 Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-persistence/pom.xml#L28
Provides transitive vulnerable dependency maven:org.springframework:spring-core:6.2.1 * [CVE-2025-41249](https://www.mend.io/vulnerability-database/CVE-2025-41249?utm_source=Jetbrains) 7.5 CVE-2025-41249: Spring Framework Annotation Detection Vulnerability Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-tests/bottin-e2e/pom.xml#L28
Provides transitive vulnerable dependency maven:org.springframework.boot:spring-boot:3.4.1 * [CVE-2025-22235](https://www.mend.io/vulnerability-database/CVE-2025-22235?utm_source=Jetbrains) 7.3 Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-admin-ui/pom.xml#L28
Provides transitive vulnerable dependency maven:org.springframework.boot:spring-boot:3.4.1 * [CVE-2025-22235](https://www.mend.io/vulnerability-database/CVE-2025-22235?utm_source=Jetbrains) 7.3 Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-admin-ui/pom.xml#L83
Provides transitive vulnerable dependency maven:org.assertj:assertj-core:3.25.3 * [CVE-2026-24400](https://www.mend.io/vulnerability-database/CVE-2026-24400?utm_source=Jetbrains) 7.3 AssertJ has XML External Entity (XXE) vulnerability when parsing untrusted XML via isXmlEqualTo assertion Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-admin-ui/pom.xml#L28
Provides transitive vulnerable dependency maven:org.springframework:spring-core:6.2.1 * [CVE-2025-41249](https://www.mend.io/vulnerability-database/CVE-2025-41249?utm_source=Jetbrains) 7.5 CVE-2025-41249: Spring Framework Annotation Detection Vulnerability Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-web/pom.xml#L137
Provides transitive vulnerable dependency maven:org.springframework.boot:spring-boot-actuator-autoconfigure:3.4.1 * [CVE-2025-22235](https://www.mend.io/vulnerability-database/CVE-2025-22235?utm_source=Jetbrains) 7.3 Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-tests/bottin-e2e/pom.xml#L24
Provides transitive vulnerable dependency maven:org.springframework:spring-core:6.2.1 * [CVE-2025-41249](https://www.mend.io/vulnerability-database/CVE-2025-41249?utm_source=Jetbrains) 7.5 CVE-2025-41249: Spring Framework Annotation Detection Vulnerability Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-verification/pom.xml#L81
Provides transitive vulnerable dependency maven:org.assertj:assertj-core:3.25.3 * [CVE-2026-24400](https://www.mend.io/vulnerability-database/CVE-2026-24400?utm_source=Jetbrains) 7.3 AssertJ has XML External Entity (XXE) vulnerability when parsing untrusted XML via isXmlEqualTo assertion Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-web/pom.xml#L28
Provides transitive vulnerable dependency maven:org.springframework:spring-core:6.2.1 * [CVE-2025-41249](https://www.mend.io/vulnerability-database/CVE-2025-41249?utm_source=Jetbrains) 7.5 CVE-2025-41249: Spring Framework Annotation Detection Vulnerability Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-verification/pom.xml#L46
Provides transitive vulnerable dependency maven:io.netty:netty-codec-http:4.1.116.Final * [CVE-2025-58057](https://www.mend.io/vulnerability-database/CVE-2025-58057?utm_source=Jetbrains) 7.5 Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack * [CVE-2025-58056](https://www.mend.io/vulnerability-database/CVE-2025-58056?utm_source=Jetbrains) 7.5 Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions * [CVE-2025-67735](https://www.mend.io/vulnerability-database/CVE-2025-67735?utm_source=Jetbrains) 6.5 Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-admin-ui/pom.xml#L32
Provides transitive vulnerable dependency maven:io.netty:netty-codec-http:4.1.116.Final * [CVE-2025-58057](https://www.mend.io/vulnerability-database/CVE-2025-58057?utm_source=Jetbrains) 7.5 Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack * [CVE-2025-58056](https://www.mend.io/vulnerability-database/CVE-2025-58056?utm_source=Jetbrains) 7.5 Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions * [CVE-2025-67735](https://www.mend.io/vulnerability-database/CVE-2025-67735?utm_source=Jetbrains) 6.5 Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-tests/bottin-it/pom.xml#L32
Provides transitive vulnerable dependency maven:io.netty:netty-codec:4.1.116.Final * [CVE-2025-58057](https://www.mend.io/vulnerability-database/CVE-2025-58057?utm_source=Jetbrains) 7.5 Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-tests/bottin-e2e/pom.xml#L32
Provides transitive vulnerable dependency maven:io.netty:netty-handler:4.1.116.Final * [CVE-2025-24970](https://www.mend.io/vulnerability-database/CVE-2025-24970?utm_source=JetBrains) 7.5 SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-tests/bottin-it/pom.xml#L28
Provides transitive vulnerable dependency maven:org.springframework.boot:spring-boot:3.4.1 * [CVE-2025-22235](https://www.mend.io/vulnerability-database/CVE-2025-22235?utm_source=Jetbrains) 7.3 Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-tests/bottin-it/pom.xml#L58
Provides transitive vulnerable dependency maven:org.apache.commons:commons-compress:1.24.0 * [CVE-2024-25710](https://www.mend.io/vulnerability-database/CVE-2024-25710?utm_source=JetBrains) 8.1 Loop with Unreachable Exit Condition ('Infinite Loop') * [CVE-2024-26308](https://www.mend.io/vulnerability-database/CVE-2024-26308?utm_source=JetBrains) 5.5 Allocation of Resources Without Limits or Throttling Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-tests/bottin-e2e/pom.xml#L32
Provides transitive vulnerable dependency maven:io.netty:netty-codec:4.1.116.Final * [CVE-2025-58057](https://www.mend.io/vulnerability-database/CVE-2025-58057?utm_source=Jetbrains) 7.5 Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-service/pom.xml#L59
Provides transitive vulnerable dependency maven:net.minidev:json-smart:2.5.1 * [CVE-2024-57699](https://www.mend.io/vulnerability-database/CVE-2024-57699?utm_source=JetBrains) 7.5 Insufficient Information Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-persistence/pom.xml#L71
Provides transitive vulnerable dependency maven:org.assertj:assertj-core:3.25.3 * [CVE-2026-24400](https://www.mend.io/vulnerability-database/CVE-2026-24400?utm_source=Jetbrains) 7.3 AssertJ has XML External Entity (XXE) vulnerability when parsing untrusted XML via isXmlEqualTo assertion Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-web/pom.xml#L32
Provides transitive vulnerable dependency maven:io.netty:netty-handler:4.1.116.Final * [CVE-2025-24970](https://www.mend.io/vulnerability-database/CVE-2025-24970?utm_source=JetBrains) 7.5 SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-tests/bottin-it/pom.xml#L32
Provides transitive vulnerable dependency maven:io.netty:netty-codec-http:4.1.116.Final * [CVE-2025-58057](https://www.mend.io/vulnerability-database/CVE-2025-58057?utm_source=Jetbrains) 7.5 Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack * [CVE-2025-58056](https://www.mend.io/vulnerability-database/CVE-2025-58056?utm_source=Jetbrains) 7.5 Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions * [CVE-2025-67735](https://www.mend.io/vulnerability-database/CVE-2025-67735?utm_source=Jetbrains) 6.5 Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-tests/bottin-it/pom.xml#L24
Provides transitive vulnerable dependency maven:org.springframework:spring-core:6.2.1 * [CVE-2025-41249](https://www.mend.io/vulnerability-database/CVE-2025-41249?utm_source=Jetbrains) 7.5 CVE-2025-41249: Spring Framework Annotation Detection Vulnerability Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-spring-boot-starter/pom.xml#L24
Provides transitive vulnerable dependency maven:org.springframework:spring-core:6.2.1 * [CVE-2025-41249](https://www.mend.io/vulnerability-database/CVE-2025-41249?utm_source=Jetbrains) 7.5 CVE-2025-41249: Spring Framework Annotation Detection Vulnerability Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-tests/bottin-it/pom.xml#L32
Provides transitive vulnerable dependency maven:io.netty:netty-codec-http2:4.1.116.Final * [CVE-2025-55163](https://www.mend.io/vulnerability-database/CVE-2025-55163?utm_source=Jetbrains) 7.5 Netty MadeYouReset HTTP/2 DDoS Vulnerability * [CVE-2025-58057](https://www.mend.io/vulnerability-database/CVE-2025-58057?utm_source=Jetbrains) 7.5 Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-spring-boot-starter/pom.xml#L36
Provides transitive vulnerable dependency maven:org.springframework.boot:spring-boot:3.4.1 * [CVE-2025-22235](https://www.mend.io/vulnerability-database/CVE-2025-22235?utm_source=Jetbrains) 7.3 Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-verification/pom.xml#L46
Provides transitive vulnerable dependency maven:io.netty:netty-codec:4.1.116.Final * [CVE-2025-58057](https://www.mend.io/vulnerability-database/CVE-2025-58057?utm_source=Jetbrains) 7.5 Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-tests/bottin-it/pom.xml#L36
Provides transitive vulnerable dependency maven:org.springframework.boot:spring-boot-actuator-autoconfigure:3.4.1 * [CVE-2025-22235](https://www.mend.io/vulnerability-database/CVE-2025-22235?utm_source=Jetbrains) 7.3 Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-tests/bottin-e2e/pom.xml#L32
Provides transitive vulnerable dependency maven:io.netty:netty-codec-http:4.1.116.Final * [CVE-2025-58057](https://www.mend.io/vulnerability-database/CVE-2025-58057?utm_source=Jetbrains) 7.5 Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack * [CVE-2025-58056](https://www.mend.io/vulnerability-database/CVE-2025-58056?utm_source=Jetbrains) 7.5 Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions * [CVE-2025-67735](https://www.mend.io/vulnerability-database/CVE-2025-67735?utm_source=Jetbrains) 6.5 Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-spring-boot-starter/pom.xml#L89
Provides transitive vulnerable dependency maven:org.assertj:assertj-core:3.25.3 * [CVE-2026-24400](https://www.mend.io/vulnerability-database/CVE-2026-24400?utm_source=Jetbrains) 7.3 AssertJ has XML External Entity (XXE) vulnerability when parsing untrusted XML via isXmlEqualTo assertion Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-verification/pom.xml#L46
Provides transitive vulnerable dependency maven:io.netty:netty-handler:4.1.116.Final * [CVE-2025-24970](https://www.mend.io/vulnerability-database/CVE-2025-24970?utm_source=JetBrains) 7.5 SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-verification/pom.xml#L24
Provides transitive vulnerable dependency maven:org.springframework:spring-core:6.2.1 * [CVE-2025-41249](https://www.mend.io/vulnerability-database/CVE-2025-41249?utm_source=Jetbrains) 7.5 CVE-2025-41249: Spring Framework Annotation Detection Vulnerability Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-admin-ui/pom.xml#L32
Provides transitive vulnerable dependency maven:io.netty:netty-handler:4.1.116.Final * [CVE-2025-24970](https://www.mend.io/vulnerability-database/CVE-2025-24970?utm_source=JetBrains) 7.5 SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-verification/pom.xml#L30
Provides transitive vulnerable dependency maven:org.springframework.boot:spring-boot:3.4.1 * [CVE-2025-22235](https://www.mend.io/vulnerability-database/CVE-2025-22235?utm_source=Jetbrains) 7.3 Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-spring-boot-starter/pom.xml#L36
Provides transitive vulnerable dependency maven:org.springframework.boot:spring-boot-actuator-autoconfigure:3.4.1 * [CVE-2025-22235](https://www.mend.io/vulnerability-database/CVE-2025-22235?utm_source=Jetbrains) 7.3 Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-spring-boot-starter/pom.xml#L32
Provides transitive vulnerable dependency maven:io.netty:netty-codec-http2:4.1.116.Final * [CVE-2025-55163](https://www.mend.io/vulnerability-database/CVE-2025-55163?utm_source=Jetbrains) 7.5 Netty MadeYouReset HTTP/2 DDoS Vulnerability * [CVE-2025-58057](https://www.mend.io/vulnerability-database/CVE-2025-58057?utm_source=Jetbrains) 7.5 Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-tests/bottin-e2e/pom.xml#L36
Provides transitive vulnerable dependency maven:org.springframework.security:spring-security-crypto:6.4.2 * [CVE-2025-22228](https://www.mend.io/vulnerability-database/CVE-2025-22228?utm_source=JetBrains) 7.4 CVE-2025-22228: Spring Security BCryptPasswordEncoder does not enforce maximum password length Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-web/pom.xml#L32
Provides transitive vulnerable dependency maven:io.netty:netty-codec-http2:4.1.116.Final * [CVE-2025-55163](https://www.mend.io/vulnerability-database/CVE-2025-55163?utm_source=Jetbrains) 7.5 Netty MadeYouReset HTTP/2 DDoS Vulnerability * [CVE-2025-58057](https://www.mend.io/vulnerability-database/CVE-2025-58057?utm_source=Jetbrains) 7.5 Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-web/pom.xml#L89
Provides transitive vulnerable dependency maven:org.assertj:assertj-core:3.25.3 * [CVE-2026-24400](https://www.mend.io/vulnerability-database/CVE-2026-24400?utm_source=Jetbrains) 7.3 AssertJ has XML External Entity (XXE) vulnerability when parsing untrusted XML via isXmlEqualTo assertion Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-service/pom.xml#L30
Provides transitive vulnerable dependency maven:org.springframework.boot:spring-boot:3.4.1 * [CVE-2025-22235](https://www.mend.io/vulnerability-database/CVE-2025-22235?utm_source=Jetbrains) 7.3 Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-persistence/pom.xml#L28
Provides transitive vulnerable dependency maven:org.springframework.boot:spring-boot:3.4.1 * [CVE-2025-22235](https://www.mend.io/vulnerability-database/CVE-2025-22235?utm_source=Jetbrains) 7.3 Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-web/pom.xml#L28
Provides transitive vulnerable dependency maven:org.springframework.boot:spring-boot:3.4.1 * [CVE-2025-22235](https://www.mend.io/vulnerability-database/CVE-2025-22235?utm_source=Jetbrains) 7.3 Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-tests/bottin-it/pom.xml#L87
Dependency maven:org.assertj:assertj-core:3.25.3 is vulnerable , safe version 3.27.7 * [CVE-2026-24400](https://www.mend.io/vulnerability-database/CVE-2026-24400?utm_source=Jetbrains) 7.3 AssertJ has XML External Entity (XXE) vulnerability when parsing untrusted XML via isXmlEqualTo assertion Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-spring-boot-starter/pom.xml#L89
Provides transitive vulnerable dependency maven:net.minidev:json-smart:2.5.1 * [CVE-2024-57699](https://www.mend.io/vulnerability-database/CVE-2024-57699?utm_source=JetBrains) 7.5 Insufficient Information Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-tests/bottin-e2e/pom.xml#L32
Provides transitive vulnerable dependency maven:io.netty:netty-codec-http2:4.1.116.Final * [CVE-2025-55163](https://www.mend.io/vulnerability-database/CVE-2025-55163?utm_source=Jetbrains) 7.5 Netty MadeYouReset HTTP/2 DDoS Vulnerability * [CVE-2025-58057](https://www.mend.io/vulnerability-database/CVE-2025-58057?utm_source=Jetbrains) 7.5 Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-tests/bottin-e2e/pom.xml#L94
Dependency maven:org.assertj:assertj-core:3.25.3 is vulnerable , safe version 3.27.7 * [CVE-2026-24400](https://www.mend.io/vulnerability-database/CVE-2026-24400?utm_source=Jetbrains) 7.3 AssertJ has XML External Entity (XXE) vulnerability when parsing untrusted XML via isXmlEqualTo assertion Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-service/pom.xml#L24
Provides transitive vulnerable dependency maven:org.springframework:spring-core:6.2.1 * [CVE-2025-41249](https://www.mend.io/vulnerability-database/CVE-2025-41249?utm_source=Jetbrains) 7.5 CVE-2025-41249: Spring Framework Annotation Detection Vulnerability Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-admin-ui/pom.xml#L83
Provides transitive vulnerable dependency maven:net.minidev:json-smart:2.5.1 * [CVE-2024-57699](https://www.mend.io/vulnerability-database/CVE-2024-57699?utm_source=JetBrains) 7.5 Insufficient Information Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-web/pom.xml#L32
Provides transitive vulnerable dependency maven:io.netty:netty-codec-http:4.1.116.Final * [CVE-2025-58057](https://www.mend.io/vulnerability-database/CVE-2025-58057?utm_source=Jetbrains) 7.5 Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack * [CVE-2025-58056](https://www.mend.io/vulnerability-database/CVE-2025-58056?utm_source=Jetbrains) 7.5 Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions * [CVE-2025-67735](https://www.mend.io/vulnerability-database/CVE-2025-67735?utm_source=Jetbrains) 6.5 Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-tests/bottin-it/pom.xml#L32
Provides transitive vulnerable dependency maven:io.netty:netty-handler:4.1.116.Final * [CVE-2025-24970](https://www.mend.io/vulnerability-database/CVE-2025-24970?utm_source=JetBrains) 7.5 SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-web/pom.xml#L123
Provides transitive vulnerable dependency maven:org.springframework.security:spring-security-crypto:6.4.2 * [CVE-2025-22228](https://www.mend.io/vulnerability-database/CVE-2025-22228?utm_source=JetBrains) 7.4 CVE-2025-22228: Spring Security BCryptPasswordEncoder does not enforce maximum password length Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-spring-boot-starter/pom.xml#L36
Provides transitive vulnerable dependency maven:org.springframework.security:spring-security-crypto:6.4.2 * [CVE-2025-22228](https://www.mend.io/vulnerability-database/CVE-2025-22228?utm_source=JetBrains) 7.4 CVE-2025-22228: Spring Security BCryptPasswordEncoder does not enforce maximum password length Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-admin-ui/pom.xml#L131
Provides transitive vulnerable dependency maven:org.springframework.boot:spring-boot-actuator-autoconfigure:3.4.1 * [CVE-2025-22235](https://www.mend.io/vulnerability-database/CVE-2025-22235?utm_source=Jetbrains) 7.3 Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-tests/bottin-e2e/pom.xml#L32
Provides transitive vulnerable dependency maven:io.netty:netty-common:4.1.116.Final * [CVE-2025-25193](https://www.mend.io/vulnerability-database/CVE-2025-25193?utm_source=JetBrains) 5.5 Denial of Service attack on windows app using Netty Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-persistence/pom.xml#L28
Provides transitive vulnerable dependency maven:org.springframework:spring-context:6.2.1 * [CVE-2025-22233](https://www.mend.io/vulnerability-database/CVE-2025-22233?utm_source=Jetbrains) 3.1 Spring Framework DataBinder Case Sensitive Match Exception Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-service/pom.xml#L30
Provides transitive vulnerable dependency maven:ch.qos.logback:logback-classic:1.4.14 * [CVE-2024-12798](https://www.mend.io/vulnerability-database/CVE-2024-12798?utm_source=JetBrains) 6.6 JaninoEventEvaluator vulnerability Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-tests/bottin-it/pom.xml#L32
Provides transitive vulnerable dependency maven:org.springframework:spring-web:6.2.1 * [CVE-2025-41234](https://www.mend.io/vulnerability-database/CVE-2025-41234?utm_source=Jetbrains) 6.5 RFD Attack via "Content-Disposition" Header Sourced from Request Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-tests/bottin-e2e/pom.xml#L28
Provides transitive vulnerable dependency maven:ch.qos.logback:logback-core:1.5.12 * [CVE-2025-11226](https://www.mend.io/vulnerability-database/CVE-2025-11226?utm_source=JetBrains) 6.9 Conditional processing of logback.xml configuration file, in conjuction with Spring Framework and Janino * [CVE-2024-12798](https://www.mend.io/vulnerability-database/CVE-2024-12798?utm_source=JetBrains) 6.6 JaninoEventEvaluator vulnerability * [CVE-2026-1225](https://www.mend.io/vulnerability-database/CVE-2026-1225?utm_source=Jetbrains) 5.0 Malicious logback.xml configuration file allows instantiation of arbitrary classes * [GHSA-qqpg-mvqg-649v](https://www.mend.io/vulnerability-database/GHSA-qqpg-mvqg-649v?utm_source=Jetbrains) 5.0 Insufficient Information * [CVE-2024-12801](https://www.mend.io/vulnerability-database/CVE-2024-12801?utm_source=JetBrains) 4.4 SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-service/pom.xml#L30
Provides transitive vulnerable dependency maven:ch.qos.logback:logback-core:1.5.12 * [CVE-2025-11226](https://www.mend.io/vulnerability-database/CVE-2025-11226?utm_source=JetBrains) 6.9 Conditional processing of logback.xml configuration file, in conjuction with Spring Framework and Janino * [CVE-2024-12798](https://www.mend.io/vulnerability-database/CVE-2024-12798?utm_source=JetBrains) 6.6 JaninoEventEvaluator vulnerability * [CVE-2026-1225](https://www.mend.io/vulnerability-database/CVE-2026-1225?utm_source=Jetbrains) 5.0 Malicious logback.xml configuration file allows instantiation of arbitrary classes * [GHSA-qqpg-mvqg-649v](https://www.mend.io/vulnerability-database/GHSA-qqpg-mvqg-649v?utm_source=Jetbrains) 5.0 Insufficient Information * [CVE-2024-12801](https://www.mend.io/vulnerability-database/CVE-2024-12801?utm_source=JetBrains) 4.4 SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-tests/bottin-e2e/pom.xml#L24
Provides transitive vulnerable dependency maven:org.springframework:spring-beans:6.2.1 * [CVE-2025-41242](https://www.mend.io/vulnerability-database/CVE-2025-41242?utm_source=JetBrains) 5.9 CVE-2025-41242: Path traversal vulnerability on non-compliant Servlet containers Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-tests/bottin-e2e/pom.xml#L28
Provides transitive vulnerable dependency maven:ch.qos.logback:logback-classic:1.4.14 * [CVE-2024-12798](https://www.mend.io/vulnerability-database/CVE-2024-12798?utm_source=JetBrains) 6.6 JaninoEventEvaluator vulnerability Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-persistence/pom.xml#L76
Provides transitive vulnerable dependency maven:ch.qos.logback:logback-core:1.5.12 * [CVE-2025-11226](https://www.mend.io/vulnerability-database/CVE-2025-11226?utm_source=JetBrains) 6.9 Conditional processing of logback.xml configuration file, in conjuction with Spring Framework and Janino * [CVE-2024-12798](https://www.mend.io/vulnerability-database/CVE-2024-12798?utm_source=JetBrains) 6.6 JaninoEventEvaluator vulnerability * [CVE-2026-1225](https://www.mend.io/vulnerability-database/CVE-2026-1225?utm_source=Jetbrains) 5.0 Malicious logback.xml configuration file allows instantiation of arbitrary classes * [GHSA-qqpg-mvqg-649v](https://www.mend.io/vulnerability-database/GHSA-qqpg-mvqg-649v?utm_source=Jetbrains) 5.0 Insufficient Information * [CVE-2024-12801](https://www.mend.io/vulnerability-database/CVE-2024-12801?utm_source=JetBrains) 4.4 SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-tests/bottin-it/pom.xml#L36
Provides transitive vulnerable dependency maven:org.springframework:spring-webmvc:6.2.1 * [CVE-2025-41242](https://www.mend.io/vulnerability-database/CVE-2025-41242?utm_source=JetBrains) 5.9 CVE-2025-41242: Path traversal vulnerability on non-compliant Servlet containers Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-admin-ui/pom.xml#L28
Provides transitive vulnerable dependency maven:org.springframework:spring-context:6.2.1 * [CVE-2025-22233](https://www.mend.io/vulnerability-database/CVE-2025-22233?utm_source=Jetbrains) 3.1 Spring Framework DataBinder Case Sensitive Match Exception Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-spring-boot-starter/pom.xml#L42
Provides transitive vulnerable dependency maven:org.springframework:spring-websocket:6.2.1 * [CVE-2025-41254](https://www.mend.io/vulnerability-database/CVE-2025-41254?utm_source=Jetbrains) 4.3 Spring Framework STOMP CSRF Vulnerability Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-verification/pom.xml#L30
Provides transitive vulnerable dependency maven:ch.qos.logback:logback-core:1.5.12 * [CVE-2025-11226](https://www.mend.io/vulnerability-database/CVE-2025-11226?utm_source=JetBrains) 6.9 Conditional processing of logback.xml configuration file, in conjuction with Spring Framework and Janino * [CVE-2024-12798](https://www.mend.io/vulnerability-database/CVE-2024-12798?utm_source=JetBrains) 6.6 JaninoEventEvaluator vulnerability * [CVE-2026-1225](https://www.mend.io/vulnerability-database/CVE-2026-1225?utm_source=Jetbrains) 5.0 Malicious logback.xml configuration file allows instantiation of arbitrary classes * [GHSA-qqpg-mvqg-649v](https://www.mend.io/vulnerability-database/GHSA-qqpg-mvqg-649v?utm_source=Jetbrains) 5.0 Insufficient Information * [CVE-2024-12801](https://www.mend.io/vulnerability-database/CVE-2024-12801?utm_source=JetBrains) 4.4 SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-persistence/pom.xml#L28
Provides transitive vulnerable dependency maven:org.springframework:spring-beans:6.2.1 * [CVE-2025-41242](https://www.mend.io/vulnerability-database/CVE-2025-41242?utm_source=JetBrains) 5.9 CVE-2025-41242: Path traversal vulnerability on non-compliant Servlet containers Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-admin-ui/pom.xml#L32
Provides transitive vulnerable dependency maven:io.projectreactor.netty:reactor-netty-http:1.2.1 * [CVE-2025-22227](https://www.mend.io/vulnerability-database/CVE-2025-22227?utm_source=Jetbrains) 6.1 CVE-2025-22227: Authentication Leak On Redirect With Reactor Netty HTTP Client Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-tests/bottin-it/pom.xml#L32
Provides transitive vulnerable dependency maven:io.netty:netty-common:4.1.116.Final * [CVE-2025-25193](https://www.mend.io/vulnerability-database/CVE-2025-25193?utm_source=JetBrains) 5.5 Denial of Service attack on windows app using Netty Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-admin-ui/pom.xml#L20
Provides transitive vulnerable dependency maven:org.apache.commons:commons-lang3:3.17.0 * [CVE-2025-48924](https://www.mend.io/vulnerability-database/CVE-2025-48924?utm_source=Jetbrains) 5.3 Insufficient Information Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-tests/bottin-it/pom.xml#L28
Provides transitive vulnerable dependency maven:ch.qos.logback:logback-classic:1.4.14 * [CVE-2024-12798](https://www.mend.io/vulnerability-database/CVE-2024-12798?utm_source=JetBrains) 6.6 JaninoEventEvaluator vulnerability Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-core/pom.xml#L22
Provides transitive vulnerable dependency maven:org.apache.commons:commons-lang3:3.17.0 * [CVE-2025-48924](https://www.mend.io/vulnerability-database/CVE-2025-48924?utm_source=Jetbrains) 5.3 Insufficient Information Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-persistence/pom.xml#L22
Provides transitive vulnerable dependency maven:org.apache.commons:commons-lang3:3.17.0 * [CVE-2025-48924](https://www.mend.io/vulnerability-database/CVE-2025-48924?utm_source=Jetbrains) 5.3 Insufficient Information Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-service/pom.xml#L20
Provides transitive vulnerable dependency maven:org.apache.commons:commons-lang3:3.17.0 * [CVE-2025-48924](https://www.mend.io/vulnerability-database/CVE-2025-48924?utm_source=Jetbrains) 5.3 Insufficient Information Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-web/pom.xml#L32
Provides transitive vulnerable dependency maven:io.netty:netty-common:4.1.116.Final * [CVE-2025-25193](https://www.mend.io/vulnerability-database/CVE-2025-25193?utm_source=JetBrains) 5.5 Denial of Service attack on windows app using Netty Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-service/pom.xml#L24
Provides transitive vulnerable dependency maven:org.springframework:spring-context:6.2.1 * [CVE-2025-22233](https://www.mend.io/vulnerability-database/CVE-2025-22233?utm_source=Jetbrains) 3.1 Spring Framework DataBinder Case Sensitive Match Exception Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-web/pom.xml#L28
Provides transitive vulnerable dependency maven:org.springframework:spring-beans:6.2.1 * [CVE-2025-41242](https://www.mend.io/vulnerability-database/CVE-2025-41242?utm_source=JetBrains) 5.9 CVE-2025-41242: Path traversal vulnerability on non-compliant Servlet containers Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-tests/bottin-e2e/pom.xml#L47
Provides transitive vulnerable dependency maven:org.springframework:spring-websocket:6.2.1 * [CVE-2025-41254](https://www.mend.io/vulnerability-database/CVE-2025-41254?utm_source=Jetbrains) 4.3 Spring Framework STOMP CSRF Vulnerability Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-service/pom.xml#L24
Provides transitive vulnerable dependency maven:org.springframework:spring-beans:6.2.1 * [CVE-2025-41242](https://www.mend.io/vulnerability-database/CVE-2025-41242?utm_source=JetBrains) 5.9 CVE-2025-41242: Path traversal vulnerability on non-compliant Servlet containers Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-web/pom.xml#L20
Provides transitive vulnerable dependency maven:org.apache.commons:commons-lang3:3.17.0 * [CVE-2025-48924](https://www.mend.io/vulnerability-database/CVE-2025-48924?utm_source=Jetbrains) 5.3 Insufficient Information Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-tests/bottin-it/pom.xml#L24
Provides transitive vulnerable dependency maven:org.springframework:spring-beans:6.2.1 * [CVE-2025-41242](https://www.mend.io/vulnerability-database/CVE-2025-41242?utm_source=JetBrains) 5.9 CVE-2025-41242: Path traversal vulnerability on non-compliant Servlet containers Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-web/pom.xml#L28
Provides transitive vulnerable dependency maven:ch.qos.logback:logback-core:1.5.12 * [CVE-2025-11226](https://www.mend.io/vulnerability-database/CVE-2025-11226?utm_source=JetBrains) 6.9 Conditional processing of logback.xml configuration file, in conjuction with Spring Framework and Janino * [CVE-2024-12798](https://www.mend.io/vulnerability-database/CVE-2024-12798?utm_source=JetBrains) 6.6 JaninoEventEvaluator vulnerability * [CVE-2026-1225](https://www.mend.io/vulnerability-database/CVE-2026-1225?utm_source=Jetbrains) 5.0 Malicious logback.xml configuration file allows instantiation of arbitrary classes * [GHSA-qqpg-mvqg-649v](https://www.mend.io/vulnerability-database/GHSA-qqpg-mvqg-649v?utm_source=Jetbrains) 5.0 Insufficient Information * [CVE-2024-12801](https://www.mend.io/vulnerability-database/CVE-2024-12801?utm_source=JetBrains) 4.4 SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-tests/bottin-e2e/pom.xml#L32
Provides transitive vulnerable dependency maven:io.projectreactor.netty:reactor-netty-http:1.2.1 * [CVE-2025-22227](https://www.mend.io/vulnerability-database/CVE-2025-22227?utm_source=Jetbrains) 6.1 CVE-2025-22227: Authentication Leak On Redirect With Reactor Netty HTTP Client Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-verification/pom.xml#L46
Provides transitive vulnerable dependency maven:io.netty:netty-common:4.1.116.Final * [CVE-2025-25193](https://www.mend.io/vulnerability-database/CVE-2025-25193?utm_source=JetBrains) 5.5 Denial of Service attack on windows app using Netty Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-spring-boot-starter/pom.xml#L32
Provides transitive vulnerable dependency maven:org.springframework:spring-web:6.2.1 * [CVE-2025-41234](https://www.mend.io/vulnerability-database/CVE-2025-41234?utm_source=Jetbrains) 6.5 RFD Attack via "Content-Disposition" Header Sourced from Request Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-spring-boot-starter/pom.xml#L32
Provides transitive vulnerable dependency maven:io.projectreactor.netty:reactor-netty-http:1.2.1 * [CVE-2025-22227](https://www.mend.io/vulnerability-database/CVE-2025-22227?utm_source=Jetbrains) 6.1 CVE-2025-22227: Authentication Leak On Redirect With Reactor Netty HTTP Client Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-verification/pom.xml#L20
Provides transitive vulnerable dependency maven:org.apache.commons:commons-lang3:3.17.0 * [CVE-2025-48924](https://www.mend.io/vulnerability-database/CVE-2025-48924?utm_source=Jetbrains) 5.3 Insufficient Information Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-tests/bottin-it/pom.xml#L32
Provides transitive vulnerable dependency maven:io.projectreactor.netty:reactor-netty-http:1.2.1 * [CVE-2025-22227](https://www.mend.io/vulnerability-database/CVE-2025-22227?utm_source=Jetbrains) 6.1 CVE-2025-22227: Authentication Leak On Redirect With Reactor Netty HTTP Client Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-admin-ui/pom.xml#L32
Provides transitive vulnerable dependency maven:org.springframework:spring-web:6.2.1 * [CVE-2025-41234](https://www.mend.io/vulnerability-database/CVE-2025-41234?utm_source=Jetbrains) 6.5 RFD Attack via "Content-Disposition" Header Sourced from Request Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-verification/pom.xml#L24
Provides transitive vulnerable dependency maven:org.springframework:spring-beans:6.2.1 * [CVE-2025-41242](https://www.mend.io/vulnerability-database/CVE-2025-41242?utm_source=JetBrains) 5.9 CVE-2025-41242: Path traversal vulnerability on non-compliant Servlet containers Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-spring-boot-starter/pom.xml#L24
Provides transitive vulnerable dependency maven:org.springframework:spring-context:6.2.1 * [CVE-2025-22233](https://www.mend.io/vulnerability-database/CVE-2025-22233?utm_source=Jetbrains) 3.1 Spring Framework DataBinder Case Sensitive Match Exception Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-spring-boot-starter/pom.xml#L55
Provides transitive vulnerable dependency maven:ch.qos.logback:logback-classic:1.4.14 * [CVE-2024-12798](https://www.mend.io/vulnerability-database/CVE-2024-12798?utm_source=JetBrains) 6.6 JaninoEventEvaluator vulnerability Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-web/pom.xml#L28
Provides transitive vulnerable dependency maven:ch.qos.logback:logback-classic:1.4.14 * [CVE-2024-12798](https://www.mend.io/vulnerability-database/CVE-2024-12798?utm_source=JetBrains) 6.6 JaninoEventEvaluator vulnerability Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-spring-boot-starter/pom.xml#L36
Provides transitive vulnerable dependency maven:org.springframework:spring-webmvc:6.2.1 * [CVE-2025-41242](https://www.mend.io/vulnerability-database/CVE-2025-41242?utm_source=JetBrains) 5.9 CVE-2025-41242: Path traversal vulnerability on non-compliant Servlet containers Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-admin-ui/pom.xml#L28
Provides transitive vulnerable dependency maven:ch.qos.logback:logback-classic:1.4.14 * [CVE-2024-12798](https://www.mend.io/vulnerability-database/CVE-2024-12798?utm_source=JetBrains) 6.6 JaninoEventEvaluator vulnerability Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-tests/bottin-it/pom.xml#L24
Provides transitive vulnerable dependency maven:org.springframework:spring-context:6.2.1 * [CVE-2025-22233](https://www.mend.io/vulnerability-database/CVE-2025-22233?utm_source=Jetbrains) 3.1 Spring Framework DataBinder Case Sensitive Match Exception Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Vulnerable declared dependency: bottin-spring-boot-starter/pom.xml#L32
Provides transitive vulnerable dependency maven:io.netty:netty-common:4.1.116.Final
* [CVE-2025-25193](https://www.mend.io/vulnerability-database/CVE-2025-25193?utm_source=JetBrains) 5.5 Denial of Service attack on windows app using Netty
Vulnerable declared dependency: bottin-tests/bottin-it/pom.xml#L40
Provides transitive vulnerable dependency maven:org.springframework:spring-websocket:6.2.1
* [CVE-2025-41254](https://www.mend.io/vulnerability-database/CVE-2025-41254?utm_source=Jetbrains) 4.3 Spring Framework STOMP CSRF Vulnerability
Vulnerable declared dependency: bottin-tests/bottin-e2e/pom.xml#L36
Provides transitive vulnerable dependency maven:org.springframework:spring-webmvc:6.2.1
* [CVE-2025-41242](https://www.mend.io/vulnerability-database/CVE-2025-41242?utm_source=JetBrains) 5.9 CVE-2025-41242: Path traversal vulnerability on non-compliant Servlet containers
Vulnerable declared dependency: bottin-web/pom.xml#L38
Provides transitive vulnerable dependency maven:org.springframework:spring-webmvc:6.2.1
* [CVE-2025-41242](https://www.mend.io/vulnerability-database/CVE-2025-41242?utm_source=JetBrains) 5.9 CVE-2025-41242: Path traversal vulnerability on non-compliant Servlet containers
Vulnerable declared dependency: bottin-spring-boot-starter/pom.xml#L36
Provides transitive vulnerable dependency maven:org.apache.commons:commons-lang3:3.17.0
* [CVE-2025-48924](https://www.mend.io/vulnerability-database/CVE-2025-48924?utm_source=Jetbrains) 5.3 Insufficient Information
Vulnerable declared dependency: bottin-web/pom.xml#L32
Provides transitive vulnerable dependency maven:io.projectreactor.netty:reactor-netty-http:1.2.1
* [CVE-2025-22227](https://www.mend.io/vulnerability-database/CVE-2025-22227?utm_source=Jetbrains) 6.1 CVE-2025-22227: Authentication Leak On Redirect With Reactor Netty HTTP Client
Vulnerable declared dependency: bottin-verification/pom.xml#L24
Provides transitive vulnerable dependency maven:org.springframework:spring-context:6.2.1
* [CVE-2025-22233](https://www.mend.io/vulnerability-database/CVE-2025-22233?utm_source=Jetbrains) 3.1 Spring Framework DataBinder Case Sensitive Match Exception
Vulnerable declared dependency: bottin-admin-ui/pom.xml#L28
Provides transitive vulnerable dependency maven:org.springframework:spring-beans:6.2.1
* [CVE-2025-41242](https://www.mend.io/vulnerability-database/CVE-2025-41242?utm_source=JetBrains) 5.9 CVE-2025-41242: Path traversal vulnerability on non-compliant Servlet containers
Vulnerable declared dependency: bottin-spring-boot-starter/pom.xml#L55
Provides transitive vulnerable dependency maven:ch.qos.logback:logback-core:1.5.12
* [CVE-2025-11226](https://www.mend.io/vulnerability-database/CVE-2025-11226?utm_source=JetBrains) 6.9 Conditional processing of logback.xml configuration file, in conjunction with Spring Framework and Janino
* [CVE-2024-12798](https://www.mend.io/vulnerability-database/CVE-2024-12798?utm_source=JetBrains) 6.6 JaninoEventEvaluator vulnerability
* [CVE-2026-1225](https://www.mend.io/vulnerability-database/CVE-2026-1225?utm_source=Jetbrains) 5.0 Malicious logback.xml configuration file allows instantiation of arbitrary classes
* [GHSA-qqpg-mvqg-649v](https://www.mend.io/vulnerability-database/GHSA-qqpg-mvqg-649v?utm_source=Jetbrains) 5.0 Insufficient Information
* [CVE-2024-12801](https://www.mend.io/vulnerability-database/CVE-2024-12801?utm_source=JetBrains) 4.4 SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks
Vulnerable declared dependency: bottin-tests/bottin-it/pom.xml#L28
Provides transitive vulnerable dependency maven:ch.qos.logback:logback-core:1.5.12
* [CVE-2025-11226](https://www.mend.io/vulnerability-database/CVE-2025-11226?utm_source=JetBrains) 6.9 Conditional processing of logback.xml configuration file, in conjunction with Spring Framework and Janino
* [CVE-2024-12798](https://www.mend.io/vulnerability-database/CVE-2024-12798?utm_source=JetBrains) 6.6 JaninoEventEvaluator vulnerability
* [CVE-2026-1225](https://www.mend.io/vulnerability-database/CVE-2026-1225?utm_source=Jetbrains) 5.0 Malicious logback.xml configuration file allows instantiation of arbitrary classes
* [GHSA-qqpg-mvqg-649v](https://www.mend.io/vulnerability-database/GHSA-qqpg-mvqg-649v?utm_source=Jetbrains) 5.0 Insufficient Information
* [CVE-2024-12801](https://www.mend.io/vulnerability-database/CVE-2024-12801?utm_source=JetBrains) 4.4 SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks
Vulnerable declared dependency: bottin-admin-ui/pom.xml#L38
Provides transitive vulnerable dependency maven:org.springframework:spring-webmvc:6.2.1
* [CVE-2025-41242](https://www.mend.io/vulnerability-database/CVE-2025-41242?utm_source=JetBrains) 5.9 CVE-2025-41242: Path traversal vulnerability on non-compliant Servlet containers
Vulnerable declared dependency: bottin-web/pom.xml#L28
Provides transitive vulnerable dependency maven:org.springframework:spring-context:6.2.1
* [CVE-2025-22233](https://www.mend.io/vulnerability-database/CVE-2025-22233?utm_source=Jetbrains) 3.1 Spring Framework DataBinder Case Sensitive Match Exception
Vulnerable declared dependency: bottin-web/pom.xml#L32
Provides transitive vulnerable dependency maven:org.springframework:spring-web:6.2.1
* [CVE-2025-41234](https://www.mend.io/vulnerability-database/CVE-2025-41234?utm_source=Jetbrains) 6.5 RFD Attack via "Content-Disposition" Header Sourced from Request
Vulnerable declared dependency: bottin-tests/bottin-e2e/pom.xml#L32
Provides transitive vulnerable dependency maven:org.springframework:spring-web:6.2.1
* [CVE-2025-41234](https://www.mend.io/vulnerability-database/CVE-2025-41234?utm_source=Jetbrains) 6.5 RFD Attack via "Content-Disposition" Header Sourced from Request
Vulnerable declared dependency: bottin-tests/bottin-e2e/pom.xml#L24
Provides transitive vulnerable dependency maven:org.springframework:spring-context:6.2.1
* [CVE-2025-22233](https://www.mend.io/vulnerability-database/CVE-2025-22233?utm_source=Jetbrains) 3.1 Spring Framework DataBinder Case Sensitive Match Exception
Vulnerable declared dependency: bottin-persistence/pom.xml#L28
Provides transitive vulnerable dependency maven:ch.qos.logback:logback-classic:1.4.14
* [CVE-2024-12798](https://www.mend.io/vulnerability-database/CVE-2024-12798?utm_source=JetBrains) 6.6 JaninoEventEvaluator vulnerability
Vulnerable declared dependency: bottin-admin-ui/pom.xml#L28
Provides transitive vulnerable dependency maven:ch.qos.logback:logback-core:1.5.12
* [CVE-2025-11226](https://www.mend.io/vulnerability-database/CVE-2025-11226?utm_source=JetBrains) 6.9 Conditional processing of logback.xml configuration file, in conjunction with Spring Framework and Janino
* [CVE-2024-12798](https://www.mend.io/vulnerability-database/CVE-2024-12798?utm_source=JetBrains) 6.6 JaninoEventEvaluator vulnerability
* [CVE-2026-1225](https://www.mend.io/vulnerability-database/CVE-2026-1225?utm_source=Jetbrains) 5.0 Malicious logback.xml configuration file allows instantiation of arbitrary classes
* [GHSA-qqpg-mvqg-649v](https://www.mend.io/vulnerability-database/GHSA-qqpg-mvqg-649v?utm_source=Jetbrains) 5.0 Insufficient Information
* [CVE-2024-12801](https://www.mend.io/vulnerability-database/CVE-2024-12801?utm_source=JetBrains) 4.4 SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks
Vulnerable declared dependency: bottin-verification/pom.xml#L46
Provides transitive vulnerable dependency maven:org.springframework:spring-web:6.2.1
* [CVE-2025-41234](https://www.mend.io/vulnerability-database/CVE-2025-41234?utm_source=Jetbrains) 6.5 RFD Attack via "Content-Disposition" Header Sourced from Request
Vulnerable declared dependency: bottin-verification/pom.xml#L46
Provides transitive vulnerable dependency maven:io.projectreactor.netty:reactor-netty-http:1.2.1
* [CVE-2025-22227](https://www.mend.io/vulnerability-database/CVE-2025-22227?utm_source=Jetbrains) 6.1 CVE-2025-22227: Authentication Leak On Redirect With Reactor Netty HTTP Client
Vulnerable declared dependency: bottin-admin-ui/pom.xml#L32
Provides transitive vulnerable dependency maven:io.netty:netty-common:4.1.116.Final
* [CVE-2025-25193](https://www.mend.io/vulnerability-database/CVE-2025-25193?utm_source=JetBrains) 5.5 Denial of Service attack on windows app using Netty
Vulnerable declared dependency: bottin-tests/bottin-it/pom.xml#L20
Provides transitive vulnerable dependency maven:org.apache.commons:commons-lang3:3.17.0
* [CVE-2025-48924](https://www.mend.io/vulnerability-database/CVE-2025-48924?utm_source=Jetbrains) 5.3 Insufficient Information
Vulnerable declared dependency: bottin-tests/bottin-e2e/pom.xml#L20
Provides transitive vulnerable dependency maven:org.apache.commons:commons-lang3:3.17.0
* [CVE-2025-48924](https://www.mend.io/vulnerability-database/CVE-2025-48924?utm_source=Jetbrains) 5.3 Insufficient Information
Vulnerable declared dependency: bottin-spring-boot-starter/pom.xml#L24
Provides transitive vulnerable dependency maven:org.springframework:spring-beans:6.2.1
* [CVE-2025-41242](https://www.mend.io/vulnerability-database/CVE-2025-41242?utm_source=JetBrains) 5.9 CVE-2025-41242: Path traversal vulnerability on non-compliant Servlet containers
Vulnerable declared dependency: bottin-verification/pom.xml#L30
Provides transitive vulnerable dependency maven:ch.qos.logback:logback-classic:1.4.14
* [CVE-2024-12798](https://www.mend.io/vulnerability-database/CVE-2024-12798?utm_source=JetBrains) 6.6 JaninoEventEvaluator vulnerability