5l1D3R / Github-actions

CVE: 2021-22096 found in Spring Core - Version: 4.3.10.RELEASE [JAVA] #37

Open github-actions[bot] opened 1 year ago

github-actions[bot] commented 1 year ago

Veracode Software Composition Analysis

| Attribute | Details |
| --- | --- |
| Library | Spring Core |
| Description | Spring Core |
| Language | JAVA |
| Vulnerability | Log Injection |
| Vulnerability description | Spring Framework is vulnerable to privilege escalation. The vulnerability exists due to lack of secure validations of user input which allows a malicious user to inject additional log files. |
| CVE | 2021-22096 |
| CVSS score | 4 |
| Vulnerability present in version/s | 1.0-rc1-5.2.17.RELEASE |
| Found library version/s | 4.3.10.RELEASE |
| Vulnerability fixed in version | 5.2.18.RELEASE |
| Library latest version | 6.0.2 |
| Fix | |

Links:

github-actions[bot] commented 1 year ago

Veracode issue link to PR: https://github.com/5l1D3R/Github-actions/pull/2