CVE-2015-0201 – org.springframework:spring-core
Package
Manager: maven
Name: org.springframework:spring-core
Vulnerable Version: >=4.1.0 <4.1.5
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00293 (percentile: 0.52185)
Details
Moderate severity vulnerability that affects org.springframework:spring-core. The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session IDs, which allows remote attackers to send messages to other sessions via unspecified vectors.
Metadata
Created: 2018-10-17T20:28:20Z
Modified: 2024-03-05T18:20:18Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-45vg-2v73-vm62/GHSA-45vg-2v73-vm62.json
CWE IDs: []
Alternative ID: GHSA-45vg-2v73-vm62
Finding: F280
Auto approve: 1