Moderate severity vulnerability that affects org.springframework:spring-core

GHSA-45vg-2v73-vm62 · CVE-2015-0201

Published Oct 17, 2018 · Modified Dec 2, 2024

Description

The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2015-0201
WEB https://github.com/spring-projects/spring-framework/commit/d63cfc8eebc396be009e733a81ebb4c984811f6e
WEB https://github.com/spring-projects/spring-framework/commit/dc5b5ca8ee09c890352f89b2dae58bc0132d6545
ADVISORY https://github.com/advisories/GHSA-45vg-2v73-vm62
PACKAGE https://github.com/spring-projects/spring-framework
WEB https://pivotal.io/security/cve-2015-0201

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes