GHSA-rfmp-97jj-h8m6

Suggest an improvement
Source
https://github.com/advisories/GHSA-rfmp-97jj-h8m6
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rfmp-97jj-h8m6/GHSA-rfmp-97jj-h8m6.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-rfmp-97jj-h8m6
Aliases
Published
2022-05-24T19:19:04Z
Modified
2024-07-19T20:22:39.042804Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
Improper Output Neutralization for Logs in Spring Framework
Details

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.

Database specific
{
    "nvd_published_at": "2021-10-28T16:15:00Z",
    "cwe_ids": [
        "CWE-117"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-22T18:25:00Z"
}
References

Affected packages

Maven / org.springframework:spring-core

Package

Name
org.springframework:spring-core
View open source insights on deps.dev
Purl
pkg:maven/org.springframework/spring-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.3.0
Fixed
5.3.11

Affected versions

5.*

5.3.0
5.3.1
5.3.2
5.3.3
5.3.4
5.3.5
5.3.6
5.3.7
5.3.8
5.3.9
5.3.10

Database specific

{
    "last_known_affected_version_range": "<= 5.3.10"
}

Maven / org.springframework:spring-core

Package

Name
org.springframework:spring-core
View open source insights on deps.dev
Purl
pkg:maven/org.springframework/spring-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.2.0
Fixed
5.2.18

Affected versions

5.*

5.2.0.RELEASE
5.2.1.RELEASE
5.2.2.RELEASE
5.2.3.RELEASE
5.2.4.RELEASE
5.2.5.RELEASE
5.2.6.RELEASE
5.2.7.RELEASE
5.2.8.RELEASE
5.2.9.RELEASE
5.2.10.RELEASE
5.2.11.RELEASE
5.2.12.RELEASE
5.2.13.RELEASE
5.2.14.RELEASE
5.2.15.RELEASE
5.2.16.RELEASE
5.2.17.RELEASE

Database specific

{
    "last_known_affected_version_range": "<= 5.2.17"
}

Maven / org.springframework:spring

Package

Name
org.springframework:spring
View open source insights on deps.dev
Purl
pkg:maven/org.springframework/spring

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.2.0
Fixed
5.2.18

Affected versions

5.*

5.2.0.RELEASE
5.2.1.RELEASE
5.2.2.RELEASE
5.2.3.RELEASE
5.2.5.RELEASE
5.2.6.RELEASE
5.2.7.RELEASE
5.2.8.RELEASE
5.2.9.RELEASE
5.2.10.RELEASE
5.2.11.RELEASE
5.2.12.RELEASE
5.2.13.RELEASE
5.2.14.RELEASE
5.2.15.RELEASE
5.2.16.RELEASE
5.2.17.RELEASE

Database specific

{
    "last_known_affected_version_range": "<= 5.2.17"
}

Maven / org.springframework:spring

Package

Name
org.springframework:spring
View open source insights on deps.dev
Purl
pkg:maven/org.springframework/spring

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.3.0
Fixed
5.3.11

Affected versions

5.*

5.3.0
5.3.1
5.3.2
5.3.3
5.3.4
5.3.5
5.3.6
5.3.7
5.3.8
5.3.9
5.3.10

Database specific

{
    "last_known_affected_version_range": "<= 5.3.10"
}