search

julz0815 / test-action

0 stars 1 forks source link

CVE: 2022-22968 found in Spring Context - Version: 4.3.10.RELEASE [JAVA] #183

Closed github-actions[bot] closed 1 year ago

github-actions[bot] commented 1 year ago

Veracode Software Composition Analysis

Attribute Details
Library Spring Context
Description Spring Context
Language JAVA
Vulnerability Binding Rules Bypass
Vulnerability description spring-context is vulnerable to binding rules bypass. The vulnerability exists due to lack of sanitization of HTTP request parameters which allows an attacker to bypass the disallowedFields and bind malicious HTTP request parameters.
CVE 2022-22968
CVSS score 5
Vulnerability present in version/s 4.0.0.M1-4.3.30.RELEASE
Found library version/s 4.3.10.RELEASE
Vulnerability fixed in version
Library latest version 6.0.1
Fix There is no fix version in this range. Apply the below fix or use alternative packages.

Links:

github-actions[bot] commented 1 year ago

Veracode issue link to PR: https://github.com/julz0815/test-action/pull/184