gwhittemore-veracode / Veracode-GW-Training-demo
CVE: 2020-5421 found in Spring Web - Version: 4.3.10.RELEASE [JAVA]
#33
Open
github-actions[bot] opened 2 years ago

github-actions[bot] commented 2 years ago
Veracode Software Composition Analysis
| Attribute | Details |
| --- | --- |
| Library | Spring Web |
| Description | Spring Web |
| Language | JAVA |
| Vulnerability | Reflected File Download (RFD) Attack |
| Vulnerability description | spring-web is vulnerable to Reflected File Download (RFD) attack. An incomplete fix of CVE-2015-5211 allows an attacker to bypass the protection against RFD attack via the `jsessionid` path parameter. |
| CVE | 2020-5421 |
| CVSS score | 3.6 |
| Vulnerability present in version/s | 4.3.0.RELEASE-4.3.28.RELEASE |
| Found library version/s | 4.3.10.RELEASE |
| Vulnerability fixed in version | 4.3.29.RELEASE |
| Library latest version | 6.0.0-M6 |
Fix
Links:
https://sca.analysiscenter.veracode.com/vulnerability-database/libraries/1104?version=4.3.10.RELEASE
https://sca.analysiscenter.veracode.com/vulnerability-database/vulnerabilities/26780
Patch:
https://github.com/spring-projects/spring-framework/commit/dd011c991ce801660ec2be7979f3fc6462f29289