Uploaded image for project: 'Common Controller SDK'
  1. Common Controller SDK
  2. CCSDK-983

Multiple CVEs - spring-web, spring-webmvc versions < 4.3.20

XMLWordPrintable

      spring-web versions prior to version 4.3.20 are vulnerable to the following CVEs:

      CVE-2018-11039

      CVE-2018-15756

      CVE-2018-11040

      spring-webmvc versions prior to 4.3.18 are vulnerable to CVE CVE-2018-11040

       

      Note: this dependency is inherited from spring-boot version 1.5.16.RELEASE.  Not sure what version of spring-web is used in latest spring boot 1.5 version (1.5.19.RELEASE), but this upgrade is recommended.

            djtimoney Dan Timoney
            djtimoney Dan Timoney
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: