spring-web-3.1.1.RELEASE.jar: 9 vulnerabilities (highest severity is: 8.8) #9

Open
mend-for-github-com bot opened this issue Nov 6, 2023 · 0 comments
Labels
Mend: dependency security vulnerability Security vulnerability detected by Mend

@mend-for-github-com

Vulnerable Library - spring-web-3.1.1.RELEASE.jar

Spring Framework Parent

Path to dependency file: /ksa-web-root/ksa-finance-web/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/3.1.1.RELEASE/spring-web-3.1.1.RELEASE.jar

Found in HEAD commit: 204dd0b060fd6e5bb82b7a7e2f313a5ea51e87b5

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (spring-web version) | Remediation Possible** | Reachability |
|---|---|---|---|---|---|---|---|
| CVE-2014-0225 | High | 8.8 | spring-web-3.1.1.RELEASE.jar | Direct | org.springframework:spring-web:4.0.5.RELEASE,3.2.9.RELEASE,org.springframework:spring-oxm:4.0.5.RELEASE,3.2.9.RELEASE | | |
| CVE-2018-1272 | High | 7.5 | spring-web-3.1.1.RELEASE.jar | Direct | org.springframework:spring-core:4.3.15.RELEASE,5.0.5.RELEASE;org.springframework:spring-web:4.3.15.RELEASE,5.0.5.RELEASE | | |
| CVE-2020-5421 | Medium | 6.5 | spring-web-3.1.1.RELEASE.jar | Direct | 4.3.29.RELEASE | | |
| CVE-2015-3192 | Medium | 5.5 | spring-web-3.1.1.RELEASE.jar | Direct | 3.2.14.RELEASE | | |
| CVE-2013-6430 | Medium | 5.4 | spring-web-3.1.1.RELEASE.jar | Direct | 3.1.5,3.2.2 | | |
| CVE-2013-6429 | Medium | 5.3 | spring-web-3.1.1.RELEASE.jar | Direct | 3.2.5 | | |
| CVE-2013-7315 | Medium | 5.3 | spring-web-3.1.1.RELEASE.jar | Direct | org.springframework:spring-web:3.2.4.RELEASE,org.springframework:spring-web:4.0.0.M3 | | |
| CVE-2014-0054 | Medium | 5.3 | spring-web-3.1.1.RELEASE.jar | Direct | org.springframework:spring-web:3.2.8.RELEASE,4.0.2.RELEASE,org.springframework:spring-oxm:4.0.2.RELEASE,3.2.8.RELEASE | | |
| CVE-2021-22096 | Medium | 4.3 | spring-web-3.1.1.RELEASE.jar | Direct | 5.2.18.RELEASE | | |

**In some cases, a Remediation PR cannot be created automatically for a vulnerability despite the availability of a remediation.

Details

CVE-2014-0225

Vulnerable Library - spring-web-3.1.1.RELEASE.jar

Spring Framework Parent

Path to dependency file: /ksa-web-root/ksa-finance-web/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/3.1.1.RELEASE/spring-web-3.1.1.RELEASE.jar

Dependency Hierarchy:

  • spring-web-3.1.1.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: 204dd0b060fd6e5bb82b7a7e2f313a5ea51e87b5

Found in base branch: master

Vulnerability Details

When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.

Publish Date: 2017-05-25

URL: CVE-2014-0225

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0225

Release Date: 2017-05-25

Fix Resolution: org.springframework:spring-web:4.0.5.RELEASE,3.2.9.RELEASE,org.springframework:spring-oxm:4.0.5.RELEASE,3.2.9.RELEASE

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2018-1272

Vulnerability Details

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When a Spring MVC or Spring WebFlux server application (server A) receives input from a remote client and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack where an extra multipart is inserted into the content of the request from server A, causing server B to use the wrong value for a part it expects. This could lead to privilege escalation, for example, if the part content represents a username or user roles.

Publish Date: 2018-04-06

URL: CVE-2018-1272

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://tanzu.vmware.com/security/cve-2018-1272

Release Date: 2018-04-05

Fix Resolution: org.springframework:spring-core:4.3.15.RELEASE,5.0.5.RELEASE;org.springframework:spring-web:4.3.15.RELEASE,5.0.5.RELEASE

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2020-5421

Vulnerability Details

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.

Publish Date: 2020-09-19

URL: CVE-2020-5421

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://tanzu.vmware.com/security/cve-2020-5421

Release Date: 2020-09-19

Fix Resolution: 4.3.29.RELEASE

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2015-3192

Vulnerability Details

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.

Publish Date: 2016-07-12

URL: CVE-2015-3192

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3192

Release Date: 2016-07-12

Fix Resolution: 3.2.14.RELEASE

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2013-6430

Vulnerability Details

The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator Unicode character or (3) left or (4) right angle bracket.

Publish Date: 2020-01-10

URL: CVE-2013-6430

CVSS 3 Score Details (5.4)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6430

Release Date: 2020-01-10

Fix Resolution: 3.1.5,3.2.2

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2013-6429

Vulnerability Details

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.

Publish Date: 2014-01-26

URL: CVE-2013-6429

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2013-6429

Release Date: 2014-01-26

Fix Resolution: 3.2.5

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2013-7315

Vulnerability Details

The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.

Publish Date: 2014-01-23

URL: CVE-2013-7315

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2013-7315

Release Date: 2014-01-23

Fix Resolution: org.springframework:spring-web:3.2.4.RELEASE,org.springframework:spring-web:4.0.0.M3

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2014-0054

Vulnerability Details

The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.

Publish Date: 2014-04-17

URL: CVE-2014-0054

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2014-0054

Release Date: 2014-04-17

Fix Resolution: org.springframework:spring-web:3.2.8.RELEASE,4.0.2.RELEASE,org.springframework:spring-oxm:4.0.2.RELEASE,3.2.8.RELEASE

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-22096

Vulnerability Details

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.

Publish Date: 2021-10-28

URL: CVE-2021-22096

CVSS 3 Score Details (4.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://tanzu.vmware.com/security/cve-2021-22096

Release Date: 2021-10-28

Fix Resolution: 5.2.18.RELEASE

⛑️ Automatic Remediation will be attempted for this issue.
