7 matches found
Security Bulletin: A CSRF vulnerability in Pivotal Spring Framework affects IBM LKS Administration & Reporting Tool
Summary A CSRF related vulnerability in HTTP response has been found in Pivotal Spring Framework used by IBM LKS Administration & Reporting Tool ART. A mitigiation has been included in the latest ART release. Vulnerability Details Refer to the security bulletinss listed in the Remediation/Fixes...
ai.ylyue:yue-library-webflux (>=j8.2.3.0 <=j11.2.3.3), app.myoss.cloud.boot:myoss-starter-webflux (>=2.3.0.RELEASE <=2.3.1.RELEASE) +616 more potentially affected by CVE-2020-5397 via org.springframework:spring-webflux (>=5.2.0.RELEASE <=5.2.2.RELEASE)
org.springframework:spring-webflux MAVEN version =5.2.0.RELEASE, =j8.2.3.0, =2.3.0.RELEASE, =2.0.8, =0.5.1, =1.1.0, =1.0.0, =1.1.2 - cn.magichand:magichand-common-swagger =1.0.4 and more Source cves: CVE-2020-5397 Source advisory: OSV:GHSA-7PM4-G2QJ-J85X...
ai.ylyue:yue-library-auth-client (>=j8.2.3.0 <=j11.2.3.3), ai.ylyue:yue-library-auth-service (>=j8.2.3.0 <=j11.2.3.3) +3893 more potentially affected by CVE-2020-5397 via org.springframework:spring-webmvc (>=5.2.0.RELEASE <=5.2.2.RELEASE)
org.springframework:spring-webmvc MAVEN version =5.2.0.RELEASE, =j8.2.3.0, =j8.2.3.0, =j8.2.3.0, =2.3.0.RELEASE, =1.1.1, =1.0.0, =1.2.2.RELEASE, =1.2.2.RELEASE, =0.0.9, =0.0.9, =0.0.9, =0.0.9, =0.0.9, =0.0.12 and more Source cves: CVE-2020-5397 Source advisory: OSV:GHSA-7PM4-G2QJ-J85X...
CVE-2020-5397
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or Spring WebFlux spring-webflux module endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not inclu...
CVE-2020-5397
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or Spring WebFlux spring-webflux module endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not inclu...
CVE-2020-5397 CSRF Attack via CORS Preflight Requests with Spring MVC or Spring WebFlux
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or Spring WebFlux spring-webflux module endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not inclu...
CVE-2020-5397
CVE-2020-5397 - Normal details Affected software: Spring Framework 5.2.x (prior to 5.2.3) where CSRF is possible via CORS preflight requests targeting Spring MVC (spring-webmvc) or Spring WebFlux (spring-webflux). Vulnerability and impact: Non-authenticated endpoints can be exploited through pref...