CVE-2011-2732: Improper Control of Generation of Code ('Code Injection')

May 17, 2022 (updated July 13, 2022)

CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter.

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814
support.springsource.com/security/cve-2011-2732
github.com/advisories/GHSA-5xm9-rf63-wj7h
nvd.nist.gov/vuln/detail/CVE-2011-2732

Detect and mitigate CVE-2011-2732 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →