CVE-2017-12881: Spring Batch Admin vulnerable to Cross-site request forgery (CSRF) in the file upload functionality

May 17, 2022 (updated September 23, 2025)

Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability.

References

github.com/advisories/GHSA-274r-p6v6-fhh4
github.com/spring-attic/spring-batch-admin
nvd.nist.gov/vuln/detail/CVE-2017-12881

Code Behaviors & Features

Detect and mitigate CVE-2017-12881 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →