EPSS Percentile: 42.2%
spring-batch-admin is vulnerable to cross-site request forgery (CSRF) attacks. The library does not use CSRF tokens, allowing a malicious user to hijack the authentication of other users and submit arbitrary requests through the file upload page.
www.openwall.com/lists/oss-security/2017/08/16/5
github.com/spring-projects/spring-batch-admin/blob/1.3.1.RELEASE/spring-batch-admin-manager/src/main/resources/org/springframework/batch/admin/web/manager/files/html/files.ftl#L23