search

veracode-repository-ruleset / verademo-java-maven

verademo-java-maven
0 stars 0 forks source link

CVE: 2020-5421 found in Spring Web - Version: 4.3.10.RELEASE [JAVA] #53

Open github-actions[bot] opened 7 months ago

github-actions[bot] commented 7 months ago

Veracode Software Composition Analysis

Attribute Details
Library Spring Web
Description Spring Web
Language JAVA
Vulnerability Reflected File Download (RFD) Attack
Vulnerability description spring-web is vulnerable to Reflected File Download (RFD) attack. An incomplete fix of CVE-2015-5211 allows an attacker to bypass the protection against RFD attack via the jsessionid path parameter.
CVE 2020-5421
CVSS score 3.6
Vulnerability present in version/s 4.3.0.RELEASE-4.3.28.RELEASE
Found library version/s 4.3.10.RELEASE
Vulnerability fixed in version 4.3.29.RELEASE
Library latest version 6.1.1
Fix

Links:

github-actions[bot] commented 4 months ago

Veracode issue link to PR: https://github.com/veracode-repository-ruleset/verademo-java-maven/pull/54