{"url":"http://public2.vulnerablecode.io/api/packages/56691?format=json","purl":"pkg:maven/org.springframework/spring-core@4.2.2","type":"maven","namespace":"org.springframework","name":"spring-core","version":"4.2.2","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"4.2.9","latest_non_vulnerable_version":"6.2.11","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38630?format=json","vulnerability_id":"VCID-2ke4-ywbk-2qha","summary":"Improper Input Validation\nUnder some situations, the Spring Framework is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response.","references":[{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html"},{"reference_url":"https://www.trustwave.com/Resources/SpiderLabs-Blog/Reflected-File-Download---A-New-Web-Attack-Vector/","reference_id":"","reference_type":"","scores":[],"url":"https://www.trustwave.com/Resources/SpiderLabs-Blog/Reflected-File-Download---A-New-Web-Attack-Vector/"},{"reference_url":"http://pivotal.io/security/cve-2015-5211","reference_id":"CVE-2015-5211","reference_type":"","scores":[],"url":"http://pivotal.io/security/cve-2015-5211"},{"reference_url":"https://access.redhat.com/security/cve/cve-2015-5211","reference_id":"CVE-2015-5211","reference_type":"","scores":[],"url":"https://access.redhat.com/security/cve/cve-2015-5211"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5211","reference_id":"CVE-2015-5211","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5211"},{"reference_url":"https://pivotal.io/security/cve-2015-5211","reference_id":"CVE-2015-5211","reference_type":"","scores":[],"url":"https://pivotal.io/security/cve-2015-5211"},{"reference_url":"https://github.com/advisories/GHSA-pgf9-h69p-pcgf","reference_id":"GHSA-pgf9-h69p-pcgf","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-pgf9-h69p-pcgf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56692?format=json","purl":"pkg:maven/org.springframework/spring-core@3.2.15","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@3.2.15"},{"url":"http://public2.vulnerablecode.io/api/packages/56691?format=json","purl":"pkg:maven/org.springframework/spring-core@4.2.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.2.2"}],"aliases":["CVE-2015-5211","GHSA-pgf9-h69p-pcgf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2ke4-ywbk-2qha"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.2.2"}