Improper Input Validation Affecting org.springframework:spring-core package, versions [,5.2.19.RELEASE)[5.3.0,5.3.14)


Severity

Recommended
0.0
medium
0
10

CVSS assessment by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.86% (54th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-JAVA-ORGSPRINGFRAMEWORK-2330878
  • published6 Jan 2022
  • disclosed6 Jan 2022
  • creditpsytester

Introduced: 6 Jan 2022

CVE-2021-22060  (opens in a new tab)
CWE-20  (opens in a new tab)

How to fix?

Upgrade org.springframework:spring-core to version 5.2.19.RELEASE, 5.3.14 or higher.

Overview

org.springframework:spring-core is a core package within the spring-framework that contains multiple classes and utilities.

Affected versions of this package are vulnerable to Improper Input Validation when a user provides malicious input, causing insertion of additional log entries.

CVSS Base Scores

version 3.1