Under some situations, the Spring Framework is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response (CVE-2015-5211).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 5 | noarch | json-smart | < 1.3-0.20140820.1 | json-smart-1.3-0.20140820.1.mga5 |
Mageia | 5 | noarch | json-path | < 0.9.1-1 | json-path-0.9.1-1.mga5 |
Mageia | 5 | noarch | springframework | < 3.2.15-1 | springframework-3.2.15-1.mga5 |