veracode-repository-ruleset / verademo-java-maven


CVE: 2018-1272 found in Spring Core - Version: 4.3.10.RELEASE [JAVA] #42

Open github-actions[bot] opened 8 months ago

github-actions[bot] commented 8 months ago

Veracode Software Composition Analysis

| Attribute | Details |
| --- | --- |
| Library | Spring Core |
| Description | Spring Core |
| Language | JAVA |
| Vulnerability | Privilege Escalation Through Multipart Content Pollution |
| Vulnerability description | spring-core is vulnerable to multipart content pollution. The application uses an insecure number generator to generate the multipart boundary parameter value, allowing a malicious user to make an informed guess at the multipart boundary parameter value. A malicious user can potentially perform a privilege escalation attack by sending tampered requests to a server that the user does not have sufficient access control to. |
| CVE | 2018-1272 |
| CVSS score | 6 |
| Vulnerability present in version/s | 4.2.0.RELEASE-4.3.14.RELEASE |
| Found library version/s | 4.3.10.RELEASE |
| Vulnerability fixed in version | 4.3.15.RELEASE |
| Library latest version | 6.1.1 |
| Fix | |

Links:

github-actions[bot] commented 6 months ago

Veracode issue link to PR: https://github.com/veracode-repository-ruleset/verademo-java-maven/pull/54