opensearch-project / opensearch-build

🧰 OpenSearch / OpenSearch-Dashboards Build Systems
Apache License 2.0

CVE-2014-1904 (Medium) detected in spring-webmvc-2.5.6.SEC03.jar - autoclosed #1043

Closed by mend-for-github-com[bot] 2 years ago

mend-for-github-com[bot] commented 3 years ago

CVE-2014-1904 - Medium Severity Vulnerability

Vulnerable Library - spring-webmvc-2.5.6.SEC03.jar

Spring Framework: Web MVC

Library home page: http://www.springframework.org

Path to dependency file: /build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.springframework/spring-webmvc/2.5.6.SEC03/275c5ac6ade12819f49e984c8e06b114a4e23458/spring-webmvc-2.5.6.SEC03.jar

Dependency Hierarchy:
- jenkins-core-2.176.2.jar (Root Library)
  - :x: **spring-webmvc-2.5.6.SEC03.jar** (Vulnerable Library)

Found in HEAD commit: 379a0396e83ffd3481f8e9aa1d61bbcd253f00ee

Found in base branch: main

Vulnerability Details

Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.

Publish Date: 2014-03-20

URL: CVE-2014-1904

CVSS 2 Score Details (4.3)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://tanzu.vmware.com/security/cve-2014-1904

Release Date: 2014-03-20

Fix Resolution: org.springframework:spring-webmvc:3.2.8.RELEASE,4.0.2.RELEASE

mend-for-github-com[bot] commented 2 years ago

:heavy_check_mark: This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.