search

5l1D3R / Github-actions

0 stars 0 forks source link

CVE: 2018-15756 found in Spring Web MVC - Version: 4.3.10.RELEASE [JAVA] #42

Open github-actions[bot] opened 1 year ago

github-actions[bot] commented 1 year ago

Veracode Software Composition Analysis

Attribute Details
Library Spring Web MVC
Description Spring Web MVC
Language JAVA
Vulnerability Denial Of Service (DoS)
Vulnerability description spring-web is vulnerable to denial of service (DoS). A malicious user can pass a HTTP request containing a header with overlapping ranges, leading to an error which would crash the service.
CVE 2018-15756
CVSS score 5
Vulnerability present in version/s 4.3.0.RELEASE-4.3.19.RELEASE
Found library version/s 4.3.10.RELEASE
Vulnerability fixed in version 4.3.20.RELEASE
Library latest version 6.0.2
Fix

Links:

github-actions[bot] commented 1 year ago

Veracode issue link to PR: https://github.com/5l1D3R/Github-actions/pull/2