Multiple Spring Vulnerabilities, June 2022 

Issue date: 29-06-2022
Affects versions: 15.0, 14.7, 13.4

Security Issue ID

SECURITY-319, 320, and 327


Affected Product Version(s)

15.0.0, 14.7.6, 13.4.17, and all previous versions





Several vulnerabilities have been reported related to the Spring Framework's handling of expressions and data binding. These features of Spring are not used by brXM, so the product is not directly vulnerable. However, these features may have been used by customer project code.


Update to the latest version. We also advise to check your project for a vulnerable customization using Spring SpEL expressions or data binding with untrusted input data.