CVE: 2020-5421 found in Spring Web - Version: 3.2.15.RELEASE [JAVA]

[github-actions]

Veracode Software Composition Analysis

Attribute	Details
Library	Spring Web
Description	Spring Web
Language	JAVA
Vulnerability	Reflected File Download (RFD) Attack
Vulnerability description	spring-web is vulnerable to Reflected File Download (RFD) attack. An incomplete fix of CVE-2015-5211 allows an attacker to bypass the protection against RFD attack via the jsessionid path parameter.
CVE	2020-5421
CVSS score	3.6
Vulnerability present in version/s	3.2.0.RELEASE-4.2.9.RELEASE
Found library version/s	3.2.15.RELEASE
Vulnerability fixed in version	4.3.29.RELEASE
Library latest version	6.0.0-M6
Fix

Links:

• https://sca.analysiscenter.veracode.com/vulnerability-database/libraries/1104?version=3.2.15.RELEASE
• https://sca.analysiscenter.veracode.com/vulnerability-database/vulnerabilities/26780
• Patch: