Uploaded image for project: 'Common Controller SDK'
  1. Common Controller SDK
  2. CCSDK-983

Multiple CVEs - spring-web, spring-webmvc versions < 4.3.20

    XMLWordPrintable

    Details

      Description

      spring-web versions prior to version 4.3.20 are vulnerable to the following CVEs:

      CVE-2018-11039

      CVE-2018-15756

      CVE-2018-11040

      spring-webmvc versions prior to 4.3.18 are vulnerable to CVE CVE-2018-11040

       

      Note: this dependency is inherited from spring-boot version 1.5.16.RELEASE.  Not sure what version of spring-web is used in latest spring boot 1.5 version (1.5.19.RELEASE), but this upgrade is recommended.

        Attachments

          Issue Links

          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

            Activity

              People

              Assignee:
              djtimoney Dan Timoney
              Reporter:
              djtimoney Dan Timoney
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: