5l1D3R / Github-actions

0 stars 0 forks source link

CVE: 2018-1199 found in Spring Web MVC - Version: 4.3.10.RELEASE [JAVA] #39

Open github-actions[bot] opened 1 year ago

github-actions[bot] commented 1 year ago

Veracode Software Composition Analysis

Attribute Details
Library Spring Web MVC
Description Spring Web MVC
Language JAVA
Vulnerability Security Constraint Bypass
Vulnerability description spring-security-web and spring-web are vulnerable to security bypass with static resources. Spring uses the output of getPathInfo() when mapping security constraints and requests. It is not standardized whether the path parameters should be included in the value from getPathInfo(). Using this knowledge, attackers can bypass security constraints by using encoded characters.
CVE 2018-1199
CVSS score 5
Vulnerability present in version/s 3.1.0.RELEASE-4.3.12.RELEASE
Found library version/s 4.3.10.RELEASE
Vulnerability fixed in version 4.3.13.RELEASE
Library latest version 6.0.2
Fix

Links:

github-actions[bot] commented 1 year ago

Veracode issue link to PR: https://github.com/5l1D3R/Github-actions/pull/2