Moderate severity vulnerability that affects org.springframework:spring-core

CVE-2015-0201 → View on GitHub ↗ View on CVE.org ↗ View on NVD ↗

Description

The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.

Basic information

Type: reviewed
Severity: medium
Advisory on GitHub: Open advisory ↗
Repository advisory: —
Source code: Browse source ↗
Published (advisory): 2018-10-17 20:28:20 UTC
Updated: 2024-03-05 18:20:20 UTC
GitHub reviewed: 2020-06-16 20:57:30 UTC
NVD published: 2015-03-10 14:59:00 UTC

EPSS Score

Score	Percentile
0.18%	39.60%

CVSS Scores

No CVSS scores in this advisory.

Identifiers

Type	Value
GHSA	GHSA-45vg-2v73-vm62 ↗
CVE	CVE-2015-0201 ↗

Credits

sunSUNQ (analyst)

Affected packages (1)

Vulnerable version ranges and first patched releases as published by GitHub.

Ecosystem	Package	Vulnerable range	First patched	Vulnerable functions
maven	org.springframework:spring-core	>= 4.1.0, < 4.1.5	4.1.5	—

References

cvelogic Threat Intelligence