6525 matches found

NVD
added 2020/01/17 7:15 p.m. | 15 views

CVE-2020-5397

Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or Spring WebFlux spring-webflux module endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not inclu...

CVSS: 5.3 | AI score: 5.2 | EPSS: 0.00855
Exploits: 1 | References: 7

OSV
added 2020/01/17 7:15 p.m. | 18 views

CVE-2020-5397

Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or Spring WebFlux spring-webflux module endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not inclu...

CVSS: 5.3 | AI score: 6.8 | EPSS: 0.00855
Exploits: 1 | References: 7

UbuntuCve
added 2020/01/17 7:15 p.m. | 25 views

CVE-2020-5397

Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or Spring WebFlux spring-webflux module endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not inclu...

CVSS: 5.3 | AI score: 6.4 | EPSS: 0.00855
Exploits: 1 | References: 2

OSV
added 2020/01/17 7:15 p.m. | 0 views

UBUNTU-CVE-2020-5397

Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or Spring WebFlux spring-webflux module endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not inclu...

CVSS: 5.3 | AI score: 6.4 | EPSS: 0.00855
Exploits: 1 | References: 3

Prion
added 2020/01/17 7:15 p.m. | 16 views

Cross site request forgery (csrf)

Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or Spring WebFlux spring-webflux module endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not inclu...

CVSS: 2.6 | AI score: 7.1 | EPSS: 0.00855
Exploits: 1 | References: 7 | Affected Software: 27

CVE
added 2020/01/17 6:50 p.m. | 228 views

CVE-2020-5397

CVE-2020-5397 - Normal details Affected software: Spring Framework 5.2.x (prior to 5.2.3) where CSRF is possible via CORS preflight requests targeting Spring MVC (spring-webmvc) or Spring WebFlux (spring-webflux). Vulnerability and impact: Non-authenticated endpoints can be exploited through pref...

CVSS: 5.3 | AI score: 5.5 | EPSS: 0.00855
Exploits: 1 | References: 7 | Affected Software: 1

Cvelist
added 2020/01/17 6:50 p.m. | 19 views

CVE-2020-5397 CSRF Attack via CORS Preflight Requests with Spring MVC or Spring WebFlux

Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or Spring WebFlux spring-webflux module endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not inclu...

CVSS: 5.3 | AI score: 7.2 | EPSS: 0.00855
Exploits: 1 | References: 7

Debian CVE
added 2020/01/17 6:50 p.m. | 23 views

CVE-2020-5397

Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or Spring WebFlux spring-webflux module endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not inclu...

CVSS: 5.3 | AI score: 5.7 | EPSS: 0.00855
Exploits: 1

GithubExploit
added 2020/01/17 5:35 a.m. | 22 views

Exploit for Cross-site Scripting in Vmware Spring_Framework

CVE-2020-5398 - RFD (Reflected File Download) Attack for Spring...

CVSS: 8 | AI score: 8 | EPSS: 0.90184
Exploits: 2

Veracode
added 2020/01/17 3:59 a.m. | 40 views

Reflected File Download

spring-web is vulnerable to reflected file download. The filename attribute that is derived from the user-supplied Content-Disposition header is not validated and sanitized, potentially resulting in the downloaded content of the response to be saved and executed as a file by the user's browser...

CVSS: 7.5 | AI score: 2.8 | EPSS: 0.90184
Exploits: 2 | References: 80 | Affected Software: 3

NVD
added 2020/01/17 12:15 a.m. | 18 views

CVE-2020-5398

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download RFD attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from use...

CVSS: 8 | AI score: 7.5 | EPSS: 0.90184
Exploits: 2 | References: 44

OSV
added 2020/01/17 12:15 a.m. | 29 views

CVE-2020-5398

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download RFD attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from use...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.90184
Exploits: 2 | References: 44

UbuntuCve
added 2020/01/17 12:15 a.m. | 30 views

CVE-2020-5398

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download RFD attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from use...

CVSS: 8 | AI score: 7.1 | EPSS: 0.90184
Exploits: 2 | References: 2

Prion
added 2020/01/17 12:15 a.m. | 37 views

Input validation

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download RFD attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from use...

CVSS: 7.6 | AI score: 8.2 | EPSS: 0.90184
Exploits: 2 | References: 44 | Affected Software: 31

OSV
added 2020/01/17 12:15 a.m. | 0 views

UBUNTU-CVE-2020-5398

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download RFD attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from use...

CVSS: 8 | AI score: 7.1 | EPSS: 0.90184
Exploits: 2 | References: 3

Cvelist
added 2020/01/16 11:55 p.m. | 22 views

CVE-2020-5398 RFD Attack via "Content-Disposition" Header Sourced from Request Input by Spring MVC or Spring WebFlux Application

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download RFD attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from use...

CVSS: 8 | AI score: 8.3 | EPSS: 0.90184
Exploits: 2 | References: 44

CVE
added 2020/01/16 11:55 p.m. | 556 views

CVE-2020-5398

CVE-2020-5398 (Spring Framework) affects Spring Framework versions: 5.0.x before 5.0.16, 5.1.x before 5.1.13, and 5.2.x before 5.2.3. The vulnerability is a reflected file download (RFD) attack triggered when an application sets a Content-Disposition header whose filename is derived from user inp...

CVSS: 8 | AI score: 7.3 | EPSS: 0.90184
Exploits: 2 | References: 44 | Affected Software: 1

Debian CVE
added 2020/01/16 11:55 p.m. | 31 views

CVE-2020-5398

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download RFD attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from use...

CVSS: 8 | AI score: 7.6 | EPSS: 0.90184
Exploits: 2

CNVD
added 2020/01/16 12:0 a.m. | 3 views

Pivotal Software Spring Framework Cross-Site Scripting Vulnerability

Pivotal Software Spring Framework is an open source Java and JavaEE application framework from the U.S. company Pivotal Software. The framework helps developers build high-quality applications. A cross-site scripting vulnerability exists in Pivotal Software Spring Framework versions 5.2.x prior to 5.2.3,...

CVSS: 8 | AI score: 8.3 | EPSS: 0.90184
Exploits: 2 | References: 1

CNVD
added 2020/01/16 12:0 a.m. | 3 views

Pivotal Software Spring Framework Cross-Site Request Forgery Vulnerability

Pivotal Software Spring Framework is an open source Java and JavaEE application framework from the U.S. company Pivotal Software. The framework helps developers build high-quality applications. A cross-site request forgery vulnerability exists in Pivotal Software Spring Framework versions 5.2.x prior to...

CVSS: 5.3 | AI score: 6.9 | EPSS: 0.00855
Exploits: 1 | References: 1