You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Spring Framework, modules "spring-messaging" and "spring-websocket", versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.
Additional Info Attack vector: NETWORK Attack complexity: LOW Confidentiality impact: NONE Availability impact: HIGH Remediation Upgrade Recommendation: 4.3.17.RELEASE
The text was updated successfully, but these errors were encountered:
Checkmarx (SCA): Vulnerable Package
Vulnerability: Read More about CVE-2018-1257
Checkmarx Project: margaritalm/BookStore_Small_CLI_small
Repository URL: https://github.com/margaritalm/BookStore_Small_CLI_small
Branch: master
Scan ID: 79dde67e-447e-480d-9f9e-f0bfb2e3e6f8
Spring Framework, modules "spring-messaging" and "spring-websocket", versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.
Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: NONE
Availability impact: HIGH
Remediation Upgrade Recommendation: 4.3.17.RELEASE
The text was updated successfully, but these errors were encountered: