search

veracode-repository-ruleset / verademo-java-maven

verademo-java-maven
0 stars 0 forks source link

CVE: 2018-11039 found in Spring Web - Version: 4.3.10.RELEASE [JAVA] #51

Open github-actions[bot] opened 7 months ago

github-actions[bot] commented 7 months ago

Veracode Software Composition Analysis

Attribute Details
Library Spring Web
Description Spring Web
Language JAVA
Vulnerability Cross-Site Tracing (XST)
Vulnerability description spring-web is vulnerable to cross-site tracing (XST) attacks. The vulnerability exists as HiddenHttpMethodFilter allows web applications to change existing HTTP request method to any HTTP method, causing applications with existing cross-site scripting (XSS) vulnerability to be vulnerable to XST.
CVE 2018-11039
CVSS score 4.3
Vulnerability present in version/s 4.3.0.RELEASE-4.3.17.RELEASE
Found library version/s 4.3.10.RELEASE
Vulnerability fixed in version 4.3.18.RELEASE
Library latest version 6.1.1
Fix

Links:

github-actions[bot] commented 4 months ago

Veracode issue link to PR: https://github.com/veracode-repository-ruleset/verademo-java-maven/pull/54