RSS   Podatności dla 'Spring web flow'   RSS

2017-11-27
 
CVE-2017-8039

CWE-1188
 

 
An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default (i.e., set to 'false') can be vulnerable to malicious EL expressions in view states that process form submissions but do not have a sub-element to declare explicit data binding property mappings. NOTE: this issue exists because of an incomplete fix for CVE-2017-4971.

 
2017-06-13
 
CVE-2017-4971

CWE-1188
 

 
An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default (i.e., set to 'false') can be vulnerable to malicious EL expressions in view states that process form submissions but do not have a sub-element to declare explicit data binding property mappings.

 

 >>> Vendor: Pivotal 22 Produkty
Spring framework
Cloud foundry elastic runtime
Operations manager
Rabbitmq
Spring security oauth
Spring web flow
Pcf tile generator
UAA
Elastic runtime
Uaa-release
Cloud foundry
Bosh stemcell
Cf-release
Routing-release
Capi-release
Uaa bosh
Spring-flex
Cloud foundry php buildpack
Tc runtimes
Tc server
Reactor netty
Vmware harbor registry


Copyright 2020, cxsecurity.com

 

Back to Top