GHSA-VPR3-F594-MG5G Improper Control of Generation of Code ('Code Injection') in Spring Framework

SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs0=jar: followed by a URL of a crafted .jar file...

PT-2010-1181 · Spring · Spring Framework

Name of the Vulnerable Software and Affected Versions: Spring Framework versions 2.5.x through 2.5.5, 2.5.7 before 2.5.7.SR01, and 3.0.x through 3.0.2 Description: The issue is related to incorrect code generation management in the Spring Framework, allowing remote attackers to execute arbitrary...