CVE-2020-5398 org.springframework:spring-webmvc

Package

Manager: maven
Name: org.springframework:spring-webmvc
Vulnerable Version: >=5.2.0.release <5.2.3.release || >=5.1.0.release <5.1.13.release || >=5.0.0.release <5.0.16.release

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.90844 (percentile: 0.99613)

Details

RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux application

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user-supplied input.

Metadata

Created: 2020-01-21T20:59:09Z
Modified: 2024-03-14T21:01:05Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/01/GHSA-8wx2-9q48-vm9r/GHSA-8wx2-9q48-vm9r.json
CWE IDs: ["CWE-494", "CWE-79"]
Alternative ID: GHSA-8wx2-9q48-vm9r
Finding: F008
Auto approve: 1