CVE-2018-1271 @ Maven-org.springframework:spring-webmvc-3.2.4.RELEASE #1528
Labels
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Vulnerable Package issue exists @ Maven-org.springframework:spring-webmvc-3.2.4.RELEASE in branch master
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.
Namespace: cxronen
Repository: BookStore_VSCode
Repository Url: https://github.com/cxronen/BookStore_VSCode
CxAST-Project: cxronen/BookStore_VSCode
CxAST platform scan: 8da575ca-6c79-4d57-ae63-b0e053c9ba06
Branch: master
Application: BookStore_VSCode
Severity: MEDIUM
State: TO_VERIFY
Status: RECURRENT
CWE: CWE-22
Additional Info
Attack vector: NETWORK
Attack complexity: HIGH
Confidentiality impact: HIGH
Availability impact: NONE
Remediation Upgrade Recommendation: 5.3.0
References
Advisory
Issue
Commit
The text was updated successfully, but these errors were encountered: