julz0815/test-action
CVE: 2020-5421 found in Spring Web - Version: 4.3.10.RELEASE [JAVA]
#1148, Open, github-actions[bot] opened 1 month ago

github-actions[bot] commented 1 month ago
Veracode Software Composition Analysis
| Attribute | Details |
| --- | --- |
| Library | Spring Web |
| Description | Spring Web |
| Language | JAVA |
| Vulnerability | Reflected File Download (RFD) Attack |
| Vulnerability description | spring-web is vulnerable to Reflected File Download (RFD) attack. An incomplete fix of CVE-2015-5211 allows an attacker to bypass the protection against RFD attack via the `jsessionid` path parameter. |
| CVE | 2020-5421 |
| CVSS score | 3.6 |
| Vulnerability present in version/s | 4.3.0.RELEASE-4.3.28.RELEASE |
| Found library version/s | 4.3.10.RELEASE |
| Vulnerability fixed in version | 4.3.29.RELEASE |
| Library latest version | 6.2.0-RC1 |
Fix
Links:
https://sca.analysiscenter.veracode.com/vulnerability-database/libraries/1104?version=4.3.10.RELEASE
https://sca.analysiscenter.veracode.com/vulnerability-database/vulnerabilities/26780
Patch:
https://github.com/spring-projects/spring-framework/commit/dd011c991ce801660ec2be7979f3fc6462f29289