Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2020-5398

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input.

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://pivotal.io/sec...
MLIST: [camel-commits] 202002...
MLIST: [geode-dev] 20200410 P...
MLIST: [geode-dev] 20200410 R...
MISC: https://www.oracle.com...
MLIST: [karaf-commits] 202005...
MLIST: [karaf-commits] 202005...
MLIST: [karaf-commits] 202005...
MLIST: [karaf-issues] 2020051...
MLIST: [karaf-issues] 2020051...
MLIST: [karaf-issues] 2020051...
MLIST: [karaf-commits] 202005...
MLIST: [karaf-commits] 202005...
MLIST: [karaf-issues] 2020051...
MLIST: [karaf-issues] 2020051...
MLIST: [karaf-issues] 2020051...
MLIST: [karaf-issues] 2020051...
MLIST: [karaf-commits] 202005...
MLIST: [karaf-commits] 202005...
MLIST: [karaf-issues] 2020051...
MLIST: [karaf-commits] 202005...
MLIST: [karaf-commits] 202005...
MLIST: [karaf-commits] 202005...
MLIST: [karaf-issues] 2020051...
MISC: https://lists.apache.o...
MISC: https://lists.apache.o...
MISC: https://lists.apache.o...
MISC: https://www.oracle.com...
MLIST: [ambari-issues] 202010...
MLIST: [ambari-commits] 20201...
MLIST: [ambari-dev] 20201019 ...
MLIST: [ambari-dev] 20201019 ...
MISC: https://www.oracle.com...
MLIST: [ambari-issues] 202010...
MISC: https://www.oracle.com...
MISC: https://lists.apache.o...
MISC: https://lists.apache.o...
MISC: https://lists.apache.o...
MLIST: [rocketmq-dev] 2021031...
MISC: https://www.oracle.com...
MISC: https://www.oracle.com...
CONFIRM: https://security.netap...
MISC: https://www.oracle.com...
MISC: https://www.oracle.com...

Launchpad.net

CVE 2020-5398

Related bugs

References