Description
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive, which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.
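The behaviour described above can be checked against your own Spring version with the following added example (not part of the original advisory or of Spring's code). The `Account` bean, its field names and the parameter values are constructed for illustration; it needs `spring-context` on the classpath.

```java
import org.springframework.beans.MutablePropertyValues;
import org.springframework.validation.DataBinder;

public class DisallowedFieldsCaseDemo {

    // Constructed sample bean: "admin" must never be populated from request data.
    public static class Account {
        private String name;
        private boolean admin;
        public String getName() { return name; }
        public void setName(String name) { this.name = name; }
        public boolean isAdmin() { return admin; }
        public void setAdmin(boolean admin) { this.admin = admin; }
    }

    // Constructed input: the protected field arrives with an upper-case first character.
    static MutablePropertyValues sampleInput() {
        MutablePropertyValues pvs = new MutablePropertyValues();
        pvs.add("name", "alice");
        pvs.add("Admin", "true");
        return pvs;
    }

    // Deny-list binding. Per the description, on an affected version a pattern
    // only protects the field in the exact case it was written in.
    static Account bindWithDenyList(String... disallowed) {
        Account target = new Account();
        DataBinder binder = new DataBinder(target);
        binder.setDisallowedFields(disallowed);
        binder.bind(sampleInput());
        return target;
    }

    // Allow-list binding: only explicitly named fields are bound, so the
    // protection does not depend on enumerating every spelling to reject.
    static Account bindWithAllowList(String... allowed) {
        Account target = new Account();
        DataBinder binder = new DataBinder(target);
        binder.setAllowedFields(allowed);
        binder.bind(sampleInput());
        return target;
    }

    public static void main(String[] args) {
        System.out.println("deny [admin]        -> admin=" + bindWithDenyList("admin").isAdmin());
        System.out.println("deny [admin, Admin] -> admin=" + bindWithDenyList("admin", "Admin").isAdmin());
        System.out.println("allow [name]        -> admin=" + bindWithAllowList("name").isAdmin());
    }
}
```

If the first line reports `admin=true`, the deny-list on that classpath is case sensitive and every protected field, including each nested path segment, has to be listed in both cases or moved to an allow-list.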
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
A-MQ Clients 2 | springframework | Not affected | ||
Logging Subsystem for Red Hat OpenShift | springframework | Fix deferred | ||
Red Hat build of Quarkus | springframework | Not affected | ||
Red Hat Data Grid 8 | springframework | Not affected | ||
Red Hat Decision Manager 7 | springframework | Fix deferred | ||
Red Hat Integration Camel K 1 | springframework | Fix deferred | ||
Red Hat Integration Camel Quarkus 1 | springframework | Fix deferred | ||
Red Hat Integration Data Virtualisation Operator | springframework | Out of support scope | ||
Red Hat JBoss Data Grid 7 | springframework | Out of support scope | ||
Red Hat JBoss Data Virtualization 6 | springframework | Out of support scope | ||
Additional information
Status:
EPSS
5.3 Medium
CVSS3
Related vulnerabilities
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older ...
Improper handling of case sensitivity in Spring Framework