Identifier

CVE-2020-5397

Package Slug

maven/org.springframework/spring-webmvc

Vulnerability

Cross-Site Request Forgery (CSRF)

Description

Spring Framework is vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints.

Affected Versions

All versions starting from 5.2.0 before 5.2.3

Solution

Upgrade to version 5.2.3.RELEASE or above.

Last Modified

2020-07-21

source