org.springframework:spring-websocket@4.1.0.RELEASE vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.springframework:spring-websocket package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability: [M] Insufficiently Random Session ID
Vulnerable Version: [4.1.0.RELEASE,4.1.5.RELEASE)

org.springframework:spring-websocket: The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.