forked from jtsmith2020/verademo-java
Open
Labels: Severity: Low, Veracode Dependency Scanning
Description
Veracode Software Composition Analysis
| Attribute | Details |
|---|---|
| Library | Spring Web |
| Description | Spring Web |
| Language | JAVA |
| Vulnerability | Reflected File Download (RFD) Attack |
| Vulnerability description | spring-web is vulnerable to a Reflected File Download (RFD) attack. An incomplete fix for CVE-2015-5211 allows an attacker to bypass the RFD protection via the jsessionid path parameter. |
| CVE | 2020-5421 |
| CVSS score | 3.6 |
| Vulnerability present in version/s | 3.2.0.RELEASE-4.2.9.RELEASE |
| Found library version/s | 3.2.15.RELEASE |
| Vulnerability fixed in version | 4.3.29.RELEASE |
| Library latest version | 6.0.0-M6 |
| Fix |
Links: