CVE-2020-5398 — Cross-site Scripting in Spring Framework
CWE-79 — Cross-site Scripting; CWE-494 — Download of Code Without Integrity Check
16 documents, 8 sources
Severity
7.5 HIGH (NVD)
EPSS
90.2%
top 0.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 17
Latest update: Oct 15
Description
In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user-supplied input.
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.6 | Impact: 5.9
Affected Packages: 32 packages
Patches
Vulnerability Details (4)
GHSA: RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application (2020-01-21)
OSV: RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application (2020-01-21)
CVEList: RFD Attack via "Content-Disposition" Header Sourced from Request Input by Spring MVC or Spring WebFlux Application (2020-01-16)
Vendor Advisories (9)
Oracle: Oracle Communications Risk Matrix: Configuration (Spring Framework) — CVE-2020-5398 (2021-07-15)
Oracle: Oracle Siebel CRM Risk Matrix: Siebel Approval Manager (Spring Framework) — CVE-2020-5398 (2021-04-15)
Oracle: Oracle Retail Applications Risk Matrix: BDI Job Scheduler (Spring Framework) — CVE-2020-5398 (2021-01-15)
Community (2)
Bugzilla: CVE-2020-5398 springframework: RFD attack via Content-Disposition Header sourced from request input by Spring MVC or Spring WebFlux Application (2020-02-06)
Bugzilla: CVE-2020-5398 springframework: RFD attack via Content-Disposition Header sourced from request input by Spring MVC or Spring WebFlux Application [fedora-all] (2020-02-06)