Upgrade org.springframework to newer version
Closed this issue · 1 comments
simonjenga commented
Upgrade org.springframework
to version 4.3.25.RELEASE
or later.
Vulnerable versions:
< 4.3.16
Patched version:
4.3.16
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework.
simonjenga commented
Fixed at #63