WS-2016-7107 (Medium) detected in spring-security-web-4.2.18.RELEASE.jar

Question

WS-2016-7107 (Medium) detected in spring-security-web-4.2.18.RELEASE.jar

Closed this issue 3 years ago · 1 comments

mend-bolt-for-github commented 3 years ago

WS-2016-7107 - Medium Severity Vulnerability

Vulnerable Library - spring-security-web-4.2.18.RELEASE.jar

spring-security-web

Library home page: https://spring.io/spring-security

Path to dependency file: api/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-web/4.2.18.RELEASE/spring-security-web-4.2.18.RELEASE.jar

Dependency Hierarchy:

spring-boot-starter-security-1.5.22.RELEASE.jar (Root Library)
- ❌ spring-security-web-4.2.18.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: 37b603a7212a01a6b2bb0dd83fcfc64834928d71

Found in base branch: master

Vulnerability Details

CSRF tokens in Spring Security through 5.4.6 are vulnerable to a breach attack. Spring Security always returns the same CSRF token to the browser.

Publish Date: 2016-08-02

URL: WS-2016-7107

CVSS 3 Score Details (5.9)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

Answer 1 · 2021-08-05T16:13:31.000Z

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.