Spring Framework vulnerable to a reflected file download (RFD)
In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download (RFD) attack when it sets a “Content-Disposition” header with a non-ASCII charset, where the filename attribute is derived from user-supplied input. Specifically, an application is vulnerable when all the following are true: The header is prepared with org.springframework.http.ContentDisposition. The filename is set via ContentDisposition.Builder#filename(String, Charset). The value for the …