Source: libspring-java
Version: 4.3.5-1
Severity: grave
Tags: security upstream fixed-upstream
Hi,
The following vulnerabilities were published for libspring-java,
filling only one bug this time since the common set of affected
versions for the two is all 4.3 versions and older unsupported
versions.
CVE-2018-1270[0]:
| Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior
| to 4.3.15 and older unsupported versions, allow applications to expose
| STOMP over WebSocket endpoints with a simple, in-memory STOMP broker
| through the spring-messaging module. A malicious user (or attacker)
| can craft a message to the broker that can lead to a remote code
| execution attack.
CVE-2018-1272[1]:
| Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior
| to 4.3.15 and older unsupported versions, provide client-side support
| for multipart requests. When Spring MVC or Spring WebFlux server
| application (server A) receives input from a remote client, and then
| uses that input to make a multipart request to another server (server
| B), it can be exposed to an attack, where an extra multipart is
| inserted in the content of the request from server A, causing server B
| to use the wrong value for a part it expects. This could to lead
| privilege escalation, for example, if the part content represents a
| username or user roles.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-1270
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1270
https://pivotal.io/security/cve-2018-1270
[1] https://security-tracker.debian.org/tracker/CVE-2018-1272
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1272
https://pivotal.io/security/cve-2018-1272
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore