CVE-2020-5421

Summary

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.

Affected Software

VendorProductVersion RangeStatus
Spring by VMwareSpring Framework4.3 < 4.3.29affected
Spring by VMwareSpring Framework5.0 < 5.0.19affected
Spring by VMwareSpring Framework5.1 < 5.1.18affected
Spring by VMwareSpring Framework5.2 < 5.2.9affected

Weaknesses

  • CWE-020: Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

References