Moderate severity vulnerability that affects org.springframework:spring-core

2018-10-17T20:02:20
ID GHSA-RCPF-VJ53-7H2M
Type github
Reporter GitHub Advisory Database
Modified 2019-07-03T21:02:04

Description

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.