CVE-2018-11040 @ Maven-org.springframework:spring-webmvc-3.2.4.RELEASE #730
Labels
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Vulnerable Package issue exists @ Maven-org.springframework:spring-webmvc-3.2.4.RELEASE in branch main
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests.
Namespace: cxronen
Repository: AST_BookStore
Repository Url: https://github.com/cxronen/AST_BookStore
CxAST-Project: cxronen/AST_BookStore
CxAST platform scan: 1dfa7500-ca95-4ace-923f-3cf597ff6d1c
Branch: main
Application: AST_BookStore
Severity: MEDIUM
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-254
Additional Info
Attack vector: NETWORK
Attack complexity: HIGH
Confidentiality impact: HIGH
Availability impact: NONE
Remediation Upgrade Recommendation: 5.3.0
References
Commit
Advisory
Issue
The text was updated successfully, but these errors were encountered: