veracode-repository-ruleset / verademo-java-maven

CVE: 2021-22096 found in Spring Core - Version: 4.3.10.RELEASE [JAVA] #43

Open github-actions[bot] opened 10 months ago

github-actions[bot] commented 10 months ago

Veracode Software Composition Analysis

| Attribute | Details |
| --- | --- |
| Library | Spring Core |
| Description | Spring Core |
| Language | JAVA |
| Vulnerability | Log Injection |
| Vulnerability description | Spring Framework is vulnerable to privilege escalation. The vulnerability exists due to lack of secure validations of user input which allows a malicious user to inject additional log files. |
| CVE | 2021-22096 |
| CVSS score | 4 |
| Vulnerability present in version/s | 1.0-rc1-5.2.17.RELEASE |
| Found library version/s | 4.3.10.RELEASE |
| Vulnerability fixed in version | 5.2.18.RELEASE |
| Library latest version | 6.1.1 |
| Fix | |

Links:

github-actions[bot] commented 7 months ago

Veracode issue link to PR: https://github.com/veracode-repository-ruleset/verademo-java-maven/pull/54