Skip to content

CVE: 2018-11039 found in Spring Web - Version: 3.2.15.RELEASE [JAVA] #861

New issue
New issue
Open
Open
CVE: 2018-11039 found in Spring Web - Version: 3.2.15.RELEASE [JAVA]#861
Labels
Severity: MediumMedium severityVeracode Dependency ScanningA Veracode identified vulnerability
@github-actions

Description

@github-actions
github-actions
bot
opened on Sep 24, 2022

Veracode Software Composition Analysis

Attribute Details
Library Spring Web
Description Spring Web
Language JAVA
Vulnerability Cross-Site Tracing (XST)
Vulnerability description spring-web is vulnerable to cross-site tracing (XST) attacks. The vulnerability exists as HiddenHttpMethodFilter allows web applications to change existing HTTP request method to any HTTP method, causing applications with existing cross-site scripting (XSS) vulnerability to be vulnerable to XST.
CVE 2018-11039
CVSS score 4.3
Vulnerability present in version/s 3.0.0.RELEASE-4.2.9.RELEASE
Found library version/s 3.2.15.RELEASE
Vulnerability fixed in version 4.3.18.RELEASE
Library latest version 6.0.0-M6
Fix

Links:

Metadata

Metadata

Assignees

No one assigned

    Labels

    Severity: MediumMedium severityVeracode Dependency ScanningA Veracode identified vulnerability

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions