Spring by VMware Spring Framework vulnerabilities
2 known vulnerabilities affecting spring_by_vmware/spring_framework.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2
Vulnerabilities
CVE-2020-5421 | CRITICAL | CVSS 9.6 | ≥ 4.3, < 4.3.29; ≥ 5.0, < 5.0.19; +2 more | 2020-09-19
CVE-2020-5421 [CRITICAL] RFD Protection Bypass via jsessionid
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
cvelistv5
CVE-2015-5211 | CRITICAL | CVSS 9.6 | ≥ 4.3, < 4.3.29; ≥ 5.0, < 5.0.19; +2 more | 2017-05-25
CVE-2015-5211 [CRITICAL] CWE-552
Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some
nvd