You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@ignite.apache.org by vbm <bm...@gmail.com> on 2020/11/17 14:44:16 UTC

Query on CVE-2020-5421

Hi,

Is the CVE-2020-5421 <https://nvd.nist.gov/vuln/detail/CVE-2020-5421>  
applicable to Ignite ? 

I have a doubt whether it is applicable to only spring-web package
(https://mvnrepository.com/artifact/org.springframework/spring-web) or to
all the springframework  packages.

 
Regards,
Vishwas



--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/

Re: Query on CVE-2020-5421

Posted by Vladimir Pligin <vo...@yandex.ru>.

This issue is definitely web-oriented. It's about the 'Content-Disposition'
custom HTTP header which raised a big deal of concerns about security itself
over time. As far as I currently understand it affects only web part(s) of
Spring, more particularly spring-webmvc. It's not being used by Ignite. So I
suppose it's safe to think that Ignite is not affected by that one.



--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/