CVE: 2018-11039 found in Spring Web - Version: 3.2.15.RELEASE [JAVA]

[github-actions]

Veracode Software Composition Analysis

Attribute	Details
Library	Spring Web
Description	Spring Web
Language	JAVA
Vulnerability	Cross-Site Tracing (XST)
Vulnerability description	spring-web is vulnerable to cross-site tracing (XST) attacks. The vulnerability exists as HiddenHttpMethodFilter allows web applications to change existing HTTP request method to any HTTP method, causing applications with existing cross-site scripting (XSS) vulnerability to be vulnerable to XST.
CVE	2018-11039
CVSS score	4.3
Vulnerability present in version/s	3.0.0.RELEASE-4.2.9.RELEASE
Found library version/s	3.2.15.RELEASE
Vulnerability fixed in version	4.3.18.RELEASE
Library latest version	6.0.0-M6
Fix

Links:

• https://sca.analysiscenter.veracode.com/vulnerability-database/libraries/1104?version=3.2.15.RELEASE
• https://sca.analysiscenter.veracode.com/vulnerability-database/vulnerabilities/6806
• Patch: spring-projects/spring-framework@323ccf9