Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.
oryginał ENCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NVMware Spring Framework
APPVmware5.3.0 – 5.3.49 (bez)6.1.0 – 6.1.28 (bez)6.2.0 – 6.2.19 (bez)7.0.0 – 7.0.8 (bez)
Powiązane podatności
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) ...
An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a cr...
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for...
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions,...
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions,...