Posted to commits@servicecomb.apache.org by GitBox <gi...@apache.org> on 2020/05/27 06:35:16 UTC

[GitHub] [servicecomb-java-chassis] Neverstop opened a new issue #1782: The spring-framework that CSE depends on is affected by vulnerability CVE-2020-5398

Neverstop opened a new issue #1782:
URL: https://github.com/apache/servicecomb-java-chassis/issues/1782


   In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input.
   
   The current version is 5.1.5


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org
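
Added example (not part of the original thread and not ServiceComb project code): a Python check that reads `mvn dependency:tree` output and flags `org.springframework` artifacts whose version falls in the ranges quoted in the issue. The sample tree is constructed, and treating every artifact with the exact groupId `org.springframework` as in scope is an assumption.

```python
import re

# First fixed patch release per affected minor line, as quoted in the issue.
FIRST_FIXED = {(5, 2): 3, (5, 1): 13, (5, 0): 16}

# Constructed sample of `mvn dependency:tree` output (not from the thread).
SAMPLE_TREE = """\
[INFO] org.example:demo-service:jar:1.0.0
[INFO] +- org.example:demo-lib:jar:1.0.0:compile
[INFO] |  +- org.springframework:spring-web:jar:5.1.5.RELEASE:compile
[INFO] |  \\- org.springframework:spring-context:jar:5.1.13.RELEASE:compile
[INFO] \\- org.springframework.boot:spring-boot:jar:2.1.3.RELEASE:compile
"""


def is_affected(version):
    """True if version is in a range the issue lists as vulnerable."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        return False  # unparseable (e.g. a property placeholder): review by hand
    major, minor, patch = (int(x) for x in m.groups())
    fixed = FIRST_FIXED.get((major, minor))
    # Lines the issue does not mention (4.x, 5.3.x, ...) are not flagged here.
    return fixed is not None and patch < fixed


def scan(tree_output):
    """Return (artifact, version) for each flagged org.springframework jar."""
    findings = []
    for line in tree_output.splitlines():
        # Assumption: only the exact groupId org.springframework is in scope.
        m = re.search(r"org\.springframework:\S+", line)
        if not m:
            continue
        parts = m.group(0).split(":")  # group:artifact:type[:classifier]:version:scope
        if len(parts) >= 5 and is_affected(parts[-2]):
            findings.append((parts[1], parts[-2]))
    return findings


if __name__ == "__main__":
    for artifact, version in scan(SAMPLE_TREE):
        print(f"{artifact} {version}: in a range listed for CVE-2020-5398")
```

A hit establishes only the version; the condition described in the issue also requires the application to set a "Content-Disposition" filename from user-supplied input.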



[GitHub] [servicecomb-java-chassis] liubao68 commented on issue #1782: The spring-framework that CSE depends on is affected by vulnerability CVE-2020-5398

Posted by GitBox <gi...@apache.org>.
liubao68 commented on issue #1782:
URL: https://github.com/apache/servicecomb-java-chassis/issues/1782#issuecomment-646007739


   Fixed in https://github.com/apache/servicecomb-java-chassis/pull/1842 and will be available in 2.1.0





[GitHub] [servicecomb-java-chassis] liubao68 closed issue #1782: The spring-framework that CSE depends on is affected by vulnerability CVE-2020-5398

Posted by GitBox <gi...@apache.org>.
liubao68 closed issue #1782:
URL: https://github.com/apache/servicecomb-java-chassis/issues/1782


   

