Spring Session Core is vulnerable to Information Disclosure. The vulnerability exists in the resolveSessionIds
function in HeaderHttpSessionIdResolver.java
because the session id is logged which allows an attacker with access to the application logs and perform session hijacking.