-
Bug
-
Resolution: Done
-
Medium
-
Dublin Release
-
El Alto Sprint 3
spring-web versions prior to version 4.3.20 are vulnerable to the following CVEs:
CVE-2018-11039
CVE-2018-15756
CVE-2018-11040
spring-webmvc versions prior to 4.3.18 are vulnerable to CVE CVE-2018-11040
Note: this dependency is inherited from spring-boot version 1.5.16.RELEASE. Not sure what version of spring-web is used in latest spring boot 1.5 version (1.5.19.RELEASE), but this upgrade is recommended.