  1. Optimization Framework
  2. OPTFRA-627

CMSO Security/Vulnerability SONATYPE-2017-0507 spring-security-web


    • Type: Bug
    • Resolution: Done
    • Priority: Medium
    • None
    • El Alto Release
    • CMSO
    • None

      CMSO Security/Vulnerability SONATYPE-2017-0507 spring-security-web

      The spring-security-web package is vulnerable to Cross-Site Request Forgery (CSRF). The doFilter() method in the SwitchUserFilter, which is reachable via a GET request, does not require any form of confirmation that the user sending the request intended to do so. An attacker can exploit this vulnerability by crafting a malicious application containing links to the vulnerable endpoint, HTML tags that use the vulnerable endpoint in the src attribute, or malicious JavaScript designed to send the request to the vulnerable endpoint. When a victim visits the malicious page, their browser will be made to send requests to the vulnerable endpoint, taking action as the victim without the victim's knowledge or consent.
       
      org.springframework.security spring-security-web 5.1.5.RELEASE SONATYPE-2017-0507 Ineffective
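A defensive configuration for an application that does wire in SwitchUserFilter, added here as an example (it is not code from this issue or from CMSO): the switch and exit endpoints are matched on POST only, so Spring Security's CSRF filter demands a token before the filter acts. The class name, the two paths and the ADMIN role are assumptions made for illustration.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.switchuser.SwitchUserFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

@EnableWebSecurity
public class SwitchUserSecurityConfig extends WebSecurityConfigurerAdapter {

    // Hypothetical paths, chosen for this example only.
    private static final String SWITCH_URL = "/admin/impersonate";
    private static final String EXIT_URL = "/admin/impersonate/exit";

    private final UserDetailsService users;

    public SwitchUserSecurityConfig(UserDetailsService users) {
        this.users = users;
    }

    @Bean
    public SwitchUserFilter switchUserFilter() {
        SwitchUserFilter filter = new SwitchUserFilter();
        filter.setUserDetailsService(users);
        filter.setTargetUrl("/");
        // Weak form: URL-only matching, which the issue above describes as
        // reachable via GET (a link or an <img src> is enough to trigger it).
        //   filter.setSwitchUserUrl(SWITCH_URL);
        //   filter.setExitUserUrl(EXIT_URL);
        // Hardened form: match POST only, so GET requests never reach the
        // switch logic and the CSRF filter checks every request that does.
        filter.setSwitchUserMatcher(new AntPathRequestMatcher(SWITCH_URL, "POST"));
        filter.setExitUserMatcher(new AntPathRequestMatcher(EXIT_URL, "POST"));
        return filter;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers(SWITCH_URL).hasRole("ADMIN")
                .anyRequest().authenticated()
                .and()
            // CSRF protection is enabled by default and must stay enabled;
            // placing the filter after FilterSecurityInterceptor keeps the
            // switch URL behind both the CSRF check and the role check.
            .addFilterAfter(switchUserFilter(), FilterSecurityInterceptor.class);
    }
}
```

With this in place, the switch form must submit the CSRF token as a POST parameter or header; a cross-site link, image tag or scripted GET no longer matches the filter.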

            jf9860 jf9860
            jf9860 jf9860