CVE-2018-1270 -- libspring-javaID: oval:org.secpod.oval:def:2001054 | Date: (C)2019-06-07 (M)2023-11-13 |
Class: VULNERABILITY | Family: unix |
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user can craft a message to the broker that can lead to a remote code execution attack.
Product: |
libspring-core-java |