Skip to content

[GHSA-4773-3jfm-qmx3] Spring Framework Improper Path Limitation with Script View Templates#7810

Open
rknj wants to merge 1 commit into
rknj/advisory-improvement-7810from
rknj-GHSA-4773-3jfm-qmx3
Open

[GHSA-4773-3jfm-qmx3] Spring Framework Improper Path Limitation with Script View Templates#7810
rknj wants to merge 1 commit into
rknj/advisory-improvement-7810from
rknj-GHSA-4773-3jfm-qmx3

Conversation

@rknj
Copy link
Copy Markdown

@rknj rknj commented May 26, 2026

Updates

  • Affected products
  • Description

Comments
Older versions (<= 5.3.0) are also affected as per the "Affected Spring Products and Versions" section in https://spring.io/security/cve-2026-22737

Copilot AI review requested due to automatic review settings May 26, 2026 09:36
Copilot AI reviewed May 26, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Updates the GHSA-4773-3jfm-qmx3 advisory to reflect that older, unsupported Spring Framework versions are also affected by the vulnerability.

Changes:

  • Updated the details text to indicate older unsupported versions are also affected.
  • Changed two introduced version entries from 5.3.0 to 0 to reflect broader affected range.
  • Bumped the modified timestamp.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@github-actions github-actions Bot changed the base branch from main to rknj/advisory-improvement-7810 May 26, 2026 09:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rknj