GHSA-45vg-2v73-vm62

Suggest an improvement
Source
https://github.com/advisories/GHSA-45vg-2v73-vm62
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-45vg-2v73-vm62/GHSA-45vg-2v73-vm62.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-45vg-2v73-vm62
Aliases
  • CVE-2015-0201
Published
2018-10-17T20:28:20Z
Modified
2024-12-02T05:45:47.040311Z
Summary
Moderate severity vulnerability that affects org.springframework:spring-core
Details

The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.

Database specific
{
    "nvd_published_at": "2015-03-10T14:59:00Z",
    "cwe_ids": [],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T20:57:30Z"
}
References

Affected packages

Maven / org.springframework:spring-core

Package

Name
org.springframework:spring-core
View open source insights on deps.dev
Purl
pkg:maven/org.springframework/spring-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.1.0
Fixed
4.1.5

Affected versions

4.*

4.1.0.RELEASE
4.1.1.RELEASE
4.1.2.RELEASE
4.1.3.RELEASE
4.1.4.RELEASE