Search for packages
| purl | pkg:maven/org.springframework/spring-webflux@5.1.13 |
| Tags | Ghost |
| Next non-vulnerable version | 5.2.20.RELEASE |
| Latest non-vulnerable version | 7.0.6 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-u7kk-c6fm-judy
Aliases: CVE-2020-5398 GHSA-8wx2-9q48-vm9r |
RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input. |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 3 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-02T12:36:19.640392+00:00 | GitLab Importer | Affected by | VCID-u7kk-c6fm-judy | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webflux/CVE-2020-5398.yml | 38.0.0 |