Skip to content

Moderate severity vulnerability that affects org.springframework:spring-core

Moderate severity GitHub Reviewed Published Oct 17, 2018 to the GitHub Advisory Database • Updated Mar 5, 2024

Package

maven org.springframework:spring-core (Maven)

Affected versions

>= 4.1.0, < 4.1.5

Patched versions

4.1.5

Description

The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.

References

Published by the National Vulnerability Database Mar 10, 2015
Published to the GitHub Advisory Database Oct 17, 2018
Reviewed Jun 16, 2020
Last updated Mar 5, 2024

Severity

Moderate

Weaknesses

No CWEs

CVE ID

CVE-2015-0201

GHSA ID

GHSA-45vg-2v73-vm62

Source code

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.