spring-boot-starter-web-2.1.4.RELEASE.jar: 63 vulnerabilities (highest severity is: 9.8) unreachable #17
Labels
Mend: dependency security vulnerability
Security vulnerability detected by Mend
Comments
mend-for-github-com
bot
added
the
Mend: dependency security vulnerability
mend-for-github-com
bot
changed the title
mend-for-github-com
bot
changed the title
mend-for-github-com
bot
changed the title
mend-for-github-com
bot
changed the title
mend-for-github-com
bot
changed the title
mend-for-github-com
bot
changed the title
mend-for-github-com
bot
changed the title
mend-for-github-com
bot
changed the title
mend-for-github-com
bot
changed the title
mend-for-github-com
bot
changed the title
mend-for-github-com
bot
changed the title
mend-for-github-com
bot
changed the title
mend-for-github-com
bot
changed the title
mend-for-github-com
bot
changed the title
mend-for-github-com
bot
changed the title
mend-for-github-com
bot
changed the title
mend-for-github-com
bot
changed the title
mend-for-github-com
bot
changed the title
mend-for-github-com
bot
changed the title
mend-for-github-com
bot
changed the title
mend-for-github-com
bot
changed the title
mend-for-github-com
bot
changed the title
mend-for-github-com
bot
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Path to dependency file: /nexmo-spring-boot-test-application/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.23/snakeyaml-1.23.jar
Found in HEAD commit: 3c697156679612e93e2a8f1c4982c052a930d7d1
Vulnerabilities
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
Vulnerable Library - tomcat-embed-core-9.0.17.jar
Core Tomcat implementation
Path to dependency file: /nexmo-spring-boot-test-application/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/tomcat/embed/tomcat-embed-core/9.0.17/tomcat-embed-core-9.0.17.jar
Dependency Hierarchy:
Found in HEAD commit: 3c697156679612e93e2a8f1c4982c052a930d7d1
Found in base branch: main
Reachability Analysis
The vulnerable code is unreachable
Vulnerability Details
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.
The mitigation for CVE-2024-50379 was incomplete.
Users running Tomcat on a case insensitive file system with the default servlet write enabled (readonly initialisation
parameter set to the non-default value of false) may need additional configuration to fully mitigate CVE-2024-50379 depending on which version of Java they are using with Tomcat:
Tomcat 11.0.3, 10.1.35 and 9.0.99 onwards will include checks that sun.io.useCanonCaches is set appropriately before allowing the default servlet to be write enabled on a case insensitive file system. Tomcat will also set sun.io.useCanonCaches to false by default where it can.
Publish Date: 2024-12-20
URL: CVE-2024-56337
Threat Assessment
Exploit Maturity: Not Defined
EPSS: 0.0%
CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://tomcat.apache.org/security-11.html
Release Date: 2024-12-20
Fix Resolution (org.apache.tomcat.embed:tomcat-embed-core): 9.0.98
Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 3.0.0
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - tomcat-embed-core-9.0.17.jar
Core Tomcat implementation
Path to dependency file: /nexmo-spring-boot-test-application/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/tomcat/embed/tomcat-embed-core/9.0.17/tomcat-embed-core-9.0.17.jar
Dependency Hierarchy:
Found in HEAD commit: 3c697156679612e93e2a8f1c4982c052a930d7d1
Found in base branch: main
Reachability Analysis
The vulnerable code is unreachable
Vulnerability Details
Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not fail, allowing the user to bypass the authentication process. There are no known Jakarta Authentication components that behave in this way.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M26, from 10.1.0-M1 through 10.1.30, from 9.0.0-M1 through 9.0.95.
Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fix the issue.
Publish Date: 2024-11-18
URL: CVE-2024-52316
Threat Assessment
Exploit Maturity: Not Defined
EPSS: 0.0%
CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://tomcat.apache.org/security-11.html
Release Date: 2024-11-18
Fix Resolution (org.apache.tomcat.embed:tomcat-embed-core): 9.0.96
Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 3.0.0
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - tomcat-embed-core-9.0.17.jar
Core Tomcat implementation
Path to dependency file: /nexmo-spring-boot-test-application/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/tomcat/embed/tomcat-embed-core/9.0.17/tomcat-embed-core-9.0.17.jar
Dependency Hierarchy:
Found in HEAD commit: 3c697156679612e93e2a8f1c4982c052a930d7d1
Found in base branch: main
Reachability Analysis
The vulnerable code is unreachable
Vulnerability Details
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration).
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.
Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.
Mend Note: The fix for CVE-2024-50379 was found to be incomplete - users should refer to the follow-up CVE-2024-56337 which fully addresses the issue.
Publish Date: 2024-12-17
URL: CVE-2024-50379
Threat Assessment
Exploit Maturity: Not Defined
EPSS: 0.0%
CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://tomcat.apache.org/security-11.html
Release Date: 2024-12-17
Fix Resolution (org.apache.tomcat.embed:tomcat-embed-core): 9.0.98
Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 3.0.0
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - spring-web-5.1.6.RELEASE.jar
Spring Web
Library home page: https://projects.spring.io/spring-framework
Path to dependency file: /nexmo-spring-boot-test-application/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.1.6.RELEASE/spring-web-5.1.6.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 3c697156679612e93e2a8f1c4982c052a930d7d1
Found in base branch: main
Reachability Analysis
The vulnerable code is unreachable
Vulnerability Details
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.
Mend Note: After conducting further research, Mend has determined that all versions of spring-web up to version 6.0.0 are vulnerable to CVE-2016-1000027.
Publish Date: 2020-01-02
URL: CVE-2016-1000027
Threat Assessment
Exploit Maturity: Not Defined
EPSS: 1.0%
CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: GHSA-4wrc-f8pq-fpqp
Release Date: 2020-01-02
Fix Resolution (org.springframework:spring-web): 5.1.16.RELEASE
Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 2.1.15.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - tomcat-embed-core-9.0.17.jar
Core Tomcat implementation
Path to dependency file: /nexmo-spring-boot-test-application/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/tomcat/embed/tomcat-embed-core/9.0.17/tomcat-embed-core-9.0.17.jar
Dependency Hierarchy:
Found in HEAD commit: 3c697156679612e93e2a8f1c4982c052a930d7d1
Found in base branch: main
Reachability Analysis
The vulnerable code is unreachable
Vulnerability Details
Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat, leading to Denial of Service (DoS).
Publish Date: 2024-11-07
URL: CVE-2024-38286
Threat Assessment
Exploit Maturity: Not Defined
EPSS: 0.0%
CVSS 3 Score Details (8.6)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://seclists.org/oss-sec/2024/q3/264
Release Date: 2024-11-07
Fix Resolution (org.apache.tomcat.embed:tomcat-embed-core): 9.0.90
Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 3.0.0
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - snakeyaml-1.23.jar
YAML 1.1 parser and emitter for Java
Library home page: http://www.snakeyaml.org
Path to dependency file: /nexmo-spring-boot-test-application/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.23/snakeyaml-1.23.jar
Dependency Hierarchy:
Found in HEAD commit: 3c697156679612e93e2a8f1c4982c052a930d7d1
Found in base branch: main
Reachability Analysis
The vulnerable code is unreachable
Vulnerability Details
SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.
Publish Date: 2022-12-01
URL: CVE-2022-1471
Threat Assessment
Exploit Maturity: Not Defined
EPSS: 1.9%
CVSS 3 Score Details (8.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: Low
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64634374
Release Date: 2022-12-01
Fix Resolution (org.yaml:snakeyaml): 2.0
Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 3.2.0
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - spring-web-5.1.6.RELEASE.jar
Spring Web
Library home page: https://projects.spring.io/spring-framework
Path to dependency file: /nexmo-spring-boot-test-application/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.1.6.RELEASE/spring-web-5.1.6.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 3c697156679612e93e2a8f1c4982c052a930d7d1
Found in base branch: main
Reachability Analysis
The vulnerable code is unreachable
Vulnerability Details
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks.
This is the same as CVE-2024-22259 https://spring.io/security/cve-2024-22259 and CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.
Publish Date: 2024-04-16
URL: CVE-2024-22262
Threat Assessment
Exploit Maturity: Not Defined
EPSS: 0.1%
CVSS 3 Score Details (8.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://spring.io/security/cve-2024-22262
Release Date: 2024-04-16
Fix Resolution (org.springframework:spring-web): 5.3.34
Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 3.0.0
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - spring-web-5.1.6.RELEASE.jar
Spring Web
Library home page: https://projects.spring.io/spring-framework
Path to dependency file: /nexmo-spring-boot-test-application/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.1.6.RELEASE/spring-web-5.1.6.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 3c697156679612e93e2a8f1c4982c052a930d7d1
Found in base branch: main
Reachability Analysis
The vulnerable code is unreachable
Vulnerability Details
Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks.
This is the same as CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.
Publish Date: 2024-03-16
URL: CVE-2024-22259
Threat Assessment
Exploit Maturity: Not Defined
EPSS: 0.1%
CVSS 3 Score Details (8.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://spring.io/security/cve-2024-22259
Release Date: 2024-03-16
Fix Resolution (org.springframework:spring-web): 5.3.33
Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 3.0.0
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - spring-web-5.1.6.RELEASE.jar
Spring Web
Library home page: https://projects.spring.io/spring-framework
Path to dependency file: /nexmo-spring-boot-test-application/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.1.6.RELEASE/spring-web-5.1.6.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 3c697156679612e93e2a8f1c4982c052a930d7d1
Found in base branch: main
Reachability Analysis
The vulnerable code is unreachable
Vulnerability Details
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks.
Publish Date: 2024-02-23
URL: CVE-2024-22243
Threat Assessment
Exploit Maturity: Not Defined
EPSS: 0.1%
CVSS 3 Score Details (8.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://spring.io/security/cve-2024-22243
Release Date: 2024-02-23
Fix Resolution (org.springframework:spring-web): 5.3.32
Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 3.0.0
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - tomcat-embed-core-9.0.17.jar
Core Tomcat implementation
Path to dependency file: /nexmo-spring-boot-test-application/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/tomcat/embed/tomcat-embed-core/9.0.17/tomcat-embed-core-9.0.17.jar
Dependency Hierarchy:
Found in HEAD commit: 3c697156679612e93e2a8f1c4982c052a930d7d1
Found in base branch: main
Reachability Analysis
The vulnerable code is unreachable
Vulnerability Details
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disable by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). For a detailed explanation of the JRE behaviour, see Markus Wulftange's blog (https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html) and this archived MSDN blog (https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/).
Publish Date: 2019-04-15
URL: CVE-2019-0232
Threat Assessment
Exploit Maturity: Not Defined
EPSS: 97.399994%
CVSS 3 Score Details (8.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0232
Release Date: 2019-04-15
Fix Resolution (org.apache.tomcat.embed:tomcat-embed-core): 9.0.19
Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 2.1.5.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - spring-webmvc-5.1.6.RELEASE.jar
Spring Web MVC
Library home page: https://projects.spring.io/spring-framework
Path to dependency file: /nexmo-spring-boot-test-application/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-webmvc/5.1.6.RELEASE/spring-webmvc-5.1.6.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 3c697156679612e93e2a8f1c4982c052a930d7d1
Found in base branch: main
Reachability Analysis
The vulnerable code is unreachable
Vulnerability Details
Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.
This is similar to CVE-2024-38816, but with different input.
Publish Date: 2024-12-19
URL: CVE-2024-38819
Threat Assessment
Exploit Maturity: Not Defined
EPSS: 0.0%
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://spring.io/security/cve-2024-38819
Release Date: 2024-12-19
Fix Resolution (org.springframework:spring-webmvc): 6.1.14
Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 3.2.11
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - spring-webmvc-5.1.6.RELEASE.jar
Spring Web MVC
Library home page: https://projects.spring.io/spring-framework
Path to dependency file: /nexmo-spring-boot-test-application/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-webmvc/5.1.6.RELEASE/spring-webmvc-5.1.6.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 3c697156679612e93e2a8f1c4982c052a930d7d1
Found in base branch: main
Reachability Analysis
The vulnerable code is unreachable
Vulnerability Details
Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.
Specifically, an application is vulnerable when both of the following are true:
However, malicious requests are blocked and rejected when any of the following is true:
Publish Date: 2024-09-13
URL: CVE-2024-38816
Threat Assessment
Exploit Maturity: Not Defined
EPSS: 0.1%
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://spring.io/security/cve-2024-38816
Release Date: 2024-09-13
Fix Resolution (org.springframework:spring-webmvc): 6.1.13
Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 3.2.10
⛑️ Automatic Remediation will be attempted for this issue.
⛑️Automatic Remediation will be attempted for this issue.
The text was updated successfully, but these errors were encountered: