Description
Spring Batch Admin vulnerable to Cross-site request forgery (CSRF) in the file upload functionality
Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability.
Packages
Name: org.springframework.batch:spring-batch-admin-manager (maven)
Affected versions: < 1.3.0.RELEASE
Fixed version: 1.3.0.RELEASE
Related vulnerabilities
CVSS3: 8.8
nvd
about 8 years ago
Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability.