Identifier

CVE-2020-5398

Package Slug

maven/org.springframework/spring-webflux

Vulnerability

Download of Code Without Integrity Check

Description

In Spring Framework, an application is vulnerable to a reflected file download (RFD) attack when it sets a Content-Disposition header in the response and the filename attribute is derived from user-supplied input.

Affected Versions

All versions starting from 5.0.0 before 5.0.16, all versions starting from 5.1.0 up to 5.1.13, all versions starting from 5.2.0 before 5.2.3

Solution

Upgrade to versions 5.0.16.RELEASE, 5.1.14.RELEASE, 5.2.3.RELEASE or above.
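
For application code that matches the condition in the description (a Content-Disposition filename derived from user input), the following added example shows one way to constrain that filename before it reaches the header. It is not code from this advisory or from Spring; the class `SafeContentDisposition`, the method `headerFor` and the extension allowlist are hypothetical, and it uses only the JDK (Java 9+).

```java
import java.util.Locale;
import java.util.Set;

/** Hypothetical helper: builds a Content-Disposition value from an untrusted
 *  name so the client controls neither the header syntax nor the file type. */
public final class SafeContentDisposition {

    // Assumption: the application only ever serves these download types.
    private static final Set<String> ALLOWED_EXT = Set.of("pdf", "csv", "txt", "png");

    static String headerFor(String untrustedName) {
        String name = untrustedName == null ? "" : untrustedName;
        // Drop any path component supplied by the client.
        name = name.substring(Math.max(name.lastIndexOf('/'), name.lastIndexOf('\\')) + 1);
        int dot = name.lastIndexOf('.');
        String ext = dot >= 0 ? name.substring(dot + 1).toLowerCase(Locale.ROOT) : "";
        String base = dot >= 0 ? name.substring(0, dot) : name;
        // The final extension must be one the application intends to serve.
        if (!ALLOWED_EXT.contains(ext)) {
            throw new IllegalArgumentException("extension not allowed for download");
        }
        // Keep only characters that need no quoting or escaping in a header value;
        // this also collapses inner dots, so "a.b.pdf" becomes "a_b.pdf".
        base = base.replaceAll("[^A-Za-z0-9_-]", "_");
        if (base.isEmpty()) {
            base = "download";
        }
        if (base.length() > 64) {
            base = base.substring(0, 64);
        }
        return "attachment; filename=\"" + base + "." + ext + "\"";
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from the advisory.
        String[] samples = { "report.pdf", "../../q\"; x=.csv", "a.b.pdf", "notes" };
        for (String s : samples) {
            try {
                System.out.println(s + " -> " + headerFor(s));
            } catch (IllegalArgumentException e) {
                System.out.println(s + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```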

Last Modified

2020-07-21
