Search for packages
| purl | pkg:deb/debian/libspring-java@4.3.22-4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-fra1-reqm-kfdb
Aliases: CVE-2020-5421 GHSA-rv39-3qh7-9v7w |
Remote file disclosure In Spring Framework the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-2327-21sr-mfgx | Improper Privilege Management When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles. |
CVE-2018-1272
GHSA-4487-x383-qpph |
| VCID-dakn-kfyh-syab | Uncontrolled Resource Consumption Spring Framework provides support for range requests when serving static resources through the `ResourceHttpRequestHandler`. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. |
CVE-2018-15756
GHSA-ffvq-7w96-97p7 |
| VCID-esxu-3a7m-q7a7 | False positive This advisory has been marked as a False Positive and has been removed. |
CVE-2018-11039
GHSA-9gcm-f4x3-8jpw |
| VCID-fbxq-3v82-yket | Improper Input Validation Spring Framework allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack. |
CVE-2018-1257
GHSA-rcpf-vj53-7h2m |
| VCID-h4kj-zdr8-wbdr | Improper Input Validation Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for `getPathInfo()` and some do not. Spring Security uses the value returned by `getPathInfo()` as part of the process of mapping requests to security constraints. In this particular attack, different character encodings used in path parameters allows secured Spring MVC static resource URLs to be bypassed. |
CVE-2018-1199
GHSA-v596-fwhq-8x48 |
| VCID-haqr-jpvm-eqck | Improper Control of Generation of Code ('Code Injection') Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. |
CVE-2018-1270
GHSA-p5hg-3xm3-gcjg |
| VCID-m6g1-a6e3-bqbj | Inclusion of Functionality from Untrusted Control Sphere Spring Framework allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through `AbstractJsonpResponseBodyAdvice` for REST controllers and `MappingJackson2JsonView` for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when `MappingJackson2JsonView` is configured in an application, JSONP support is automatically ready to use through the `jsonp` and `callback` JSONP parameters, enabling cross-domain requests. |
CVE-2018-11040
GHSA-f26x-pr96-vw86 |