High severity8.8NVD Advisory· Published Aug 18, 2017· Updated May 13, 2026

CVE-2017-12881

Description

Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.springframework.batch:spring-batch-admin-managerMaven	< 1.3.0.RELEASE	1.3.0.RELEASE

Affected products

Spring Batch Admin Project/Spring Batch Admin
cpe:2.3:a:spring_batch_admin_project:spring_batch_admin:*:*:*:*:*:*:*:*
Range: <=1.2.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.openwall.com/lists/oss-security/2017/08/16/5nvdMailing ListThird Party AdvisoryWEB
www.securityfocus.com/bid/100410nvdThird Party AdvisoryVDB Entry
github.com/advisories/GHSA-274r-p6v6-fhh4ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2017-12881ghsaADVISORY

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000