MEDIUM | FEBRUARY 27, 2020 | CVE-2020-5403
Description Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a URISyntaxException that causes the connection to be closed prematurely instead of producing a 400 response. Affected Spring Products and Versions Mitigation Credit This issue was…
MEDIUM | FEBRUARY 27, 2020 | CVE-2020-5404
Description Reactor Netty HttpClient, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been…
HIGH | FEBRUARY 26, 2020 | CVE-2020-5405
Description Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker…
MEDIUM | JANUARY 16, 2020 | CVE-2020-5397
Description Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are…
HIGH | JANUARY 16, 2020 | CVE-2020-5398
Description Affected Spring Products and Versions Mitigation Credit This issue was identified and responsibly reported by Roman Shalymov from EPAM. References https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/reflected-file-download-a-new-web…
HIGH | OCTOBER 28, 2019 | CVE-2019-16869
Description Reactor Netty, versions 0.8.x prior to 0.8.13 and 0.9.x prior to 0.9.1, depends on vulnerable versions of netty (versions prior to 4.1.42), which incorrectly handles whitespace before a colon in headers, leading to HTTP request smuggling attacks…
MEDIUM | OCTOBER 11, 2019 | CVE-2019-11284
Description Pivotal Reactor Netty, versions prior to 0.8.11, passes headers through redirects, including authorization ones. A remote unauthenticated malicious user may gain access to credentials for a different server than they have access to. References…
LOW | JUNE 19, 2019 | CVE-2019-11272
Description Affected Spring Products and Versions Mitigation Credit This issue was identified and responsibly reported by Tim Büthe and Daniel Neagaru from mytaxi. History 2019-06-19: Initial vulnerability report published
MEDIUM | MAY 30, 2019 | CVE-2019-11269