Skip to content

Minor issue with fix for CVE 2010-1622 [SPR-11098] #15724

New issue
New issue
Closed
Closed
Minor issue with fix for CVE 2010-1622 [SPR-11098]#15724
Assignees
jhoeller
Labels
in: coreIssues in core modules (aop, beans, core, context, expression)status: backportedAn issue that has been backported to maintenance branchestype: enhancementA general enhancement
Milestone
4.0 GA
@spring-projects-issues

Description

@spring-projects-issues
spring-projects-issues
opened on Nov 18, 2013

John Melton opened SPR-11098 and commented

There is a minor issue with the fix for CVE 2010-1622 (http://docs.spring.io/spring/docs/2.5.6.SEC03/changelog.txt). I don't have an exploitable vulnerability, but the issue could lead to a security issue. I couldn't find on the site how to specify this was a security issue and didn't want to post it in the open. Please let me know how to post with the visibility restricted.

Affects: 4.0 RC1

Reference URL: https://github.com/spring-projects/spring-framework/blob/master/spring-beans/src/main/java/org/springframework/beans/CachedIntrospectionResults.java

Referenced from: commits 62ea627, 7f89522

Backported to: 3.2.6

0 votes, 5 watchers

Metadata

Metadata

Assignees

Labels

in: coreIssues in core modules (aop, beans, core, context, expression)status: backportedAn issue that has been backported to maintenance branchestype: enhancementA general enhancement

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions