org.springframework:spring-webflux@5.0.5.RELEASE vulnerabilities

latest version

6.1.12
first published

7 years ago
latest version published

a month ago
licenses detected
- Apache-2.0
  [5.0.0.RELEASE,)
package manager

View on Maven Repository

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.springframework:spring-webflux package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Path Traversal org.springframework:spring-webflux is a Spring Framework module that contains support for reactive HTTP and WebSocket clients as well as for reactive server web applications including REST, HTML browser, and WebSocket style interactions. Affected versions of this package are vulnerable to Path Traversal via the `WebMvc.fn` and `WebFlux.fn` frameworks. An attacker can access any file on the file system that is also accessible to the process in which the Spring application is running by crafting malicious HTTP requests. Note: This is only exploitable if the web application uses `RouterFunctions` to serve static resources and resource handling is explicitly configured with a `FileSystemResource` location. How to fix Path Traversal? Upgrade `org.springframework:spring-webflux` to version 6.1.13 or higher.	[,6.1.13)
M Improper Output Neutralization for Logs org.springframework:spring-webflux is a Spring Framework module that contains support for reactive HTTP and WebSocket clients as well as for reactive server web applications including REST, HTML browser, and WebSocket style interactions. Affected versions of this package are vulnerable to Improper Output Neutralization for Logs when a user provides malicious input, causing insertion of additional log entries. How to fix Improper Output Neutralization for Logs? Upgrade `org.springframework:spring-webflux` to version 5.3.12, 5.2.18 or higher.	[5.3.0,5.3.12) [,5.2.18)

Path Traversal

org.springframework:spring-webflux is a Spring Framework module that contains support for reactive HTTP and WebSocket clients as well as for reactive server web applications including REST, HTML browser, and WebSocket style interactions.

Affected versions of this package are vulnerable to Path Traversal via the WebMvc.fn and WebFlux.fn frameworks. An attacker can access any file on the file system that is also accessible to the process in which the Spring application is running by crafting malicious HTTP requests.

Note:

This is only exploitable if the web application uses RouterFunctions to serve static resources and resource handling is explicitly configured with a FileSystemResource location.

How to fix Path Traversal?

Upgrade org.springframework:spring-webflux to version 6.1.13 or higher.

[,6.1.13)

Improper Output Neutralization for Logs

Affected versions of this package are vulnerable to Improper Output Neutralization for Logs when a user provides malicious input, causing insertion of additional log entries.

How to fix Improper Output Neutralization for Logs?

Upgrade org.springframework:spring-webflux to version 5.3.12, 5.2.18 or higher.

[5.3.0,5.3.12) [,5.2.18)

Go back to all versions of this package

org.springframework:spring-webflux@5.0.5.RELEASE vulnerabilities

latest version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities