Bug
Resolution: Done
Medium
El Alto Release
CMSO Security/Vulnerability SONATYPE-2017-0507 spring-security-web
The spring-security-web package is vulnerable to Cross-Site Request Forgery (CSRF). The doFilter() method in the SwitchUserFilter, which is reachable via a GET request, does not require any form of confirmation that the user sending the request intended to do so. An attacker can exploit this vulnerability by crafting a malicious application containing links to the vulnerable endpoint, HTML tags that use the vulnerable endpoint in the src attribute, or malicious JavaScript designed to send the request to the vulnerable endpoint. When a victim visits the malicious page, their browser will be made to send requests to the vulnerable endpoint, taking action as the victim without the victim's knowledge or consent.

org.springframework.security | spring-security-web | 5.1.5.RELEASE | SONATYPE-2017-0507 | Ineffective |
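One way to close the GET path described above in an application that does use SwitchUserFilter, as an added example that is not code from this ticket or from the CMSO project. The class name, the target URL `/` and the two impersonation paths are assumptions; the filter must still be registered in the security filter chain, and CSRF protection must be left enabled so the POST carries a token.

```java
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.switchuser.SwitchUserFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

/**
 * Hypothetical helper (not part of spring-security-web or CMSO) that builds a
 * SwitchUserFilter whose switch and exit endpoints only match POST requests.
 */
public final class PostOnlySwitchUser {

    // Assumed endpoint paths; use whatever paths the application exposes.
    private static final String SWITCH_PATH = "/login/impersonate";
    private static final String EXIT_PATH = "/logout/impersonate";

    private PostOnlySwitchUser() {
    }

    public static SwitchUserFilter build(UserDetailsService userDetailsService) {
        SwitchUserFilter filter = new SwitchUserFilter();
        filter.setUserDetailsService(userDetailsService);
        filter.setTargetUrl("/"); // assumed landing page after a switch

        // Weak form: a matcher with no HTTP method also matches GET, so a link
        // or an <img src=...> on another site can trigger the switch:
        //   filter.setSwitchUserMatcher(new AntPathRequestMatcher(SWITCH_PATH));

        // Hardened form: only POST matches. Spring Security's CsrfFilter skips
        // GET, HEAD, TRACE and OPTIONS but checks POST, so the request now
        // needs a valid CSRF token before it reaches this filter.
        filter.setSwitchUserMatcher(new AntPathRequestMatcher(SWITCH_PATH, "POST"));
        filter.setExitUserMatcher(new AntPathRequestMatcher(EXIT_PATH, "POST"));
        return filter;
    }
}
```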
Relates to: OPTFRA-641 Perform Software Composition Analysis - Vulnerability tables (Closed)