CVE-2020-5398: Download of Code Without Integrity Check
In Spring Framework, an application is vulnerable to a reflected file download (RFD) attack when it sets a Content-Disposition
header in the response where the filename attribute is derived from user-supplied input.
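
One way to constrain a user-supplied name before it reaches the Content-Disposition header, given here as an added example that is not code from the advisory or from Spring Framework. The class name, the extension allowlist, the default extension and the sample inputs are all assumptions.

```java
import java.util.List;
import java.util.Locale;
import java.util.Set;

public class SafeContentDisposition {
    // Assumption: the application only ever serves these file types.
    private static final Set<String> ALLOWED_EXT = Set.of("pdf", "csv", "txt");
    private static final String DEFAULT_EXT = "txt";

    /** Reduce a user-supplied name to a safe base name plus an allowlisted extension. */
    static String sanitize(String userInput) {
        String name = userInput == null ? "" : userInput;
        // Keep only the last path component, for both separator styles.
        name = name.substring(Math.max(name.lastIndexOf('/'), name.lastIndexOf('\\')) + 1);
        // Anything outside the allowlist (quotes, semicolons, CR/LF, spaces) becomes '_'.
        name = name.replaceAll("[^A-Za-z0-9._-]", "_");
        int dot = name.lastIndexOf('.');
        String ext = dot >= 0 ? name.substring(dot + 1).toLowerCase(Locale.ROOT) : "";
        String base;
        if (ALLOWED_EXT.contains(ext)) {
            base = name.substring(0, dot);
        } else {
            // Unknown extension: fold it into the base and force a harmless one.
            base = name;
            ext = DEFAULT_EXT;
        }
        // No dots survive in the base, so the final extension is the only one.
        base = base.replace('.', '_');
        if (base.length() > 100) base = base.substring(0, 100);
        if (base.isEmpty()) base = "download";
        return base + "." + ext;
    }

    /** Build the header value; the quoted string can only contain allowlisted characters. */
    static String contentDisposition(String userInput) {
        return "attachment; filename=\"" + sanitize(userInput) + "\"";
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from the advisory.
        List<String> samples = List.of("report.pdf", "q3 \"final\".csv",
                "../../etc/passwd", "invoice.pdf;.bat", "notes\r\nX-Injected: 1.txt", "");
        for (String s : samples) {
            System.out.println(contentDisposition(s));
        }
    }
}
```

Because the extension is chosen from the allowlist rather than taken from the request, the saved file's type no longer depends on what the client supplied.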