WS-2016-7112 (Medium) detected in spring-context-4.2.5.RELEASE.jar
mend-bolt-for-github opened this issue · 0 comments
WS-2016-7112 - Medium Severity Vulnerability
Vulnerable Library - spring-context-4.2.5.RELEASE.jar
Spring Context
Library home page: https://github.com/spring-projects/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-context/4.2.5.RELEASE/spring-context-4.2.5.RELEASE.jar
Dependency Hierarchy:
- spring-web-4.2.5.RELEASE.jar (Root Library)
- ❌ spring-context-4.2.5.RELEASE.jar (Vulnerable Library)
Found in HEAD commit: 4c8d5a1732722418ec10d2f1f5fd7e7a6e43c83b
Found in base branch: master
Vulnerability Details
In Spring Framework, versions 3.0.0.RELEASE through 3.2.17.RELEASE, 4.0.0.RELEASE through 4.2.7.RELEASE and 4.3.0.RELEASE through 4.3.1.RELEASE are vulnerable to Stack-based Buffer Overflow, which allows an authenticated attacker to crash the application when giving CronSequenceGenerator a reversed range in the “minutes” or “hours” fields.
Publish Date: 2021-09-23
URL: WS-2016-7112
CVSS 3 Score Details (4.9)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Release Date: 2016-07-14
Fix Resolution (org.springframework:spring-context): 4.2.8.RELEASE
Direct dependency fix Resolution (org.springframework:spring-web): 4.2.8.RELEASE
Step up your Open Source Security Game with Mend here