You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@ignite.apache.org by vbm <bm...@gmail.com> on 2020/11/17 14:44:16 UTC
Query on CVE-2020-5421
Hi,
Is the CVE-2020-5421 <https://nvd.nist.gov/vuln/detail/CVE-2020-5421>
applicable to Ignite ?
I have a doubt whether it is applicable to only spring-web package
(https://mvnrepository.com/artifact/org.springframework/spring-web) or to
all the springframework packages.
Regards,
Vishwas
--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/
Re: Query on CVE-2020-5421
Posted by Vladimir Pligin <vo...@yandex.ru>.
This issue is definitely web-oriented. It's about the 'Content-Disposition'
custom HTTP header which raised a big deal of concerns about security itself
over time. As far as I currently understand it affects only web part(s) of
Spring, more particularly spring-webmvc. It's not being used by Ignite. So I
suppose it's safe to think that Ignite is not affected by that one.
--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/