You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests.
CVE-2018-11040 - Medium Severity Vulnerability
Vulnerable Libraries - spring-webmvc-5.0.4.RELEASE.jar, spring-web-5.0.4.RELEASE.jar
spring-webmvc-5.0.4.RELEASE.jar
Spring Web MVC
path: /root/.m2/repository/org/springframework/spring-webmvc/5.0.4.RELEASE/spring-webmvc-5.0.4.RELEASE.jar
Library home page: https://github.com/spring-projects/spring-framework
Dependency Hierarchy:
spring-web-5.0.4.RELEASE.jar
Spring Web
path: /root/.m2/repository/org/springframework/spring-web/5.0.4.RELEASE/spring-web-5.0.4.RELEASE.jar
Library home page: https://github.com/spring-projects/spring-framework
Dependency Hierarchy:
Vulnerability Details
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests.
Publish Date: 2018-06-25
URL: CVE-2018-11040
CVSS 3 Score Details (5.9)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-11040
Release Date: 2018-06-25
Fix Resolution: 5.0.7,4.3.18
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: