In Spring Framework, versions 3.0.0.RELEASE through 3.2.17.RELEASE, 4.0.0.RELEASE through 4.2.7.RELEASE and 4.3.0.RELEASE through 4.3.1.RELEASE are vulnerable to Stack-based Buffer Overflow, which allows an authenticated attacker to crash the application when giving CronSequenceGenerator a reversed range in the “minutes” or “hours” fields.
WS-2016-7112 - Medium Severity Vulnerability
Vulnerable Library - spring-context-4.3.1.RELEASE.jar
Spring Context
Library home page: https://github.com/spring-projects/spring-framework
Path to dependency file: /Test_2/fs-agent-master/fs-agent-master/pom.xml
Path to vulnerable library: /root/.m2/repository/org/springframework/spring-context/4.3.1.RELEASE/spring-context-4.3.1.RELEASE.jar
Dependency Hierarchy: - whitesource-analysis-via-18.12.1.204.jar (Root Library) - whitesource-utilities-0.0.1.jar - spring-web-4.3.1.RELEASE.jar - :x: **spring-context-4.3.1.RELEASE.jar** (Vulnerable Library)
Found in base branch: master
Vulnerability Details
In Spring Framework, versions 3.0.0.RELEASE through 3.2.17.RELEASE, 4.0.0.RELEASE through 4.2.7.RELEASE and 4.3.0.RELEASE through 4.3.1.RELEASE are vulnerable to Stack-based Buffer Overflow, which allows an authenticated attacker to crash the application when giving CronSequenceGenerator a reversed range in the “minutes” or “hours” fields.
Publish Date: 2021-09-23
URL: WS-2016-7112
CVSS 3 Score Details (4.9)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: High - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Release Date: 2016-07-14
Fix Resolution: org.springframework:spring-context:3.2.18.RELEASE,4.2.8.RELEASE,4.3.2.RELEASE,5.0.0.RELEASE
Step up your Open Source Security Game with Mend here