193 matches found
CVE-2020-5397
A flaw was found in springframework. CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or Spring WebFlux spring-webflux module endpoints are possible. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials a...
ai.ylyue:yue-library-webflux (>=j8.2.3.0 <=j11.2.3.3), app.myoss.cloud.boot:myoss-starter-webflux (>=2.3.0.RELEASE <=2.3.1.RELEASE) +616 more potentially affected by CVE-2020-5397 via org.springframework:spring-webflux (>=5.2.0.RELEASE <=5.2.2.RELEASE)
org.springframework:spring-webflux MAVEN version =5.2.0.RELEASE, =j8.2.3.0, =2.3.0.RELEASE, =2.0.8, =0.5.1, =1.1.0, =1.0.0, =1.1.2 - cn.magichand:magichand-common-swagger =1.0.4 and more Source cves: CVE-2020-5397 Source advisory: OSV:GHSA-7PM4-G2QJ-J85X...
CSRF attack via CORS preflight requests with Spring MVC or Spring WebFlux
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or Spring WebFlux spring-webflux module endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not inclu...
am.ik.github:reactive-github-client (>=0.0.1 <=0.0.4), capital.scalable:spring-auto-restdocs-core (>=2.0.3 <=2.0.6) +109 more potentially affected by CVE-2020-5398 via org.springframework:spring-webflux (>=5.0.0.RELEASE <=5.0.15.RELEASE)
org.springframework:spring-webflux MAVEN version =5.0.0.RELEASE, =0.0.1, =2.0.3, =B.0.0.1, =B.0.0.1, =B.0.0.1, =B.0.0.1, =2.21.8, =1.6.17, =0.11.2, =2.7.0-RELEASE, =2.7.0-RELEASE, =2.7.0-RELEASE, =0.1.0, =0.14, =0.19 and more Source cves: CVE-2020-5398 Source advisory: OSV:GHSA-8WX2-9Q48-VM9R http...
ai.hyacinth.framework:core-service-admin-server (>=0.5.8 <=0.5.21), ai.hyacinth.framework:core-service-gateway-server (>=0.5.8 <=0.5.21) +38 more potentially affected by CVE-2020-5398 via org.springframework:spring-webflux (>=5.1.0.RELEASE <=5.1.12.RELEASE)
org.springframework:spring-webflux MAVEN version =5.1.0.RELEASE, =0.5.8, =0.5.8, =0.5.8, =0.5.0, =1.1.1.RELEASE, =1.0.6.RELEASE, =1.0.0, =1.3.5, =1.0.4.RELEASE, =1.7.0, =1.1.1-Greenwich, =1.1.1-Greenwich, =1.1.2-Greenwich and more Source cves: CVE-2020-5398 Source advisory: OSV:GHSA-8WX2-9Q48-VM9...
ai.ylyue:yue-library-webflux (>=j8.2.3.0 <=j11.2.3.3), app.myoss.cloud.boot:myoss-starter-webflux (>=2.3.0.RELEASE <=2.3.1.RELEASE) +616 more potentially affected by CVE-2020-5398 via org.springframework:spring-webflux (>=5.2.0.RELEASE <=5.2.2.RELEASE)
org.springframework:spring-webflux MAVEN version =5.2.0.RELEASE, =j8.2.3.0, =2.3.0.RELEASE, =2.0.8, =0.5.1, =1.1.0, =1.0.0, =1.1.2 - cn.magichand:magichand-common-swagger =1.0.4 and more Source cves: CVE-2020-5398 Source advisory: OSV:GHSA-8WX2-9Q48-VM9R...
RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application
In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from use...
CVE-2020-5397
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or Spring WebFlux spring-webflux module endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not inclu...
Cross-site request forgery (CSRF)
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or Spring WebFlux spring-webflux module endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not inclu...
CVE-2020-5397 CSRF Attack via CORS Preflight Requests with Spring MVC or Spring WebFlux
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or Spring WebFlux spring-webflux module endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not inclu...
Denial of service
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...
CVE-2018-15756
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...