Moderate severity · NVD Advisory · Published Sep 19, 2020 · Updated Sep 17, 2024

RFD Protection Bypass via jsessionid

CVE-2020-5421

Description

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| org.springframework:spring-framework-bom | Maven | >= 5.2.0, < 5.2.9 | 5.2.9 |
| org.springframework:spring-framework-bom | Maven | >= 5.1.0, < 5.1.18 | 5.1.18 |
| org.springframework:spring-framework-bom | Maven | >= 5.0.0, < 5.0.19 | 5.0.19 |
| org.springframework:spring-framework-bom | Maven | < 4.3.29 | 4.3.29 |
