DEBIAN-CVE-2018-1270

DEBIAN-CVE-2018-1270 PUBLISHED CVSS 9.800000190734863 CRITICAL

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.

Risk Scores

CVSS v3.1

9.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Debian:12	libspring-java	0, 0, 0
Debian:14	libspring-java	0, 0, 0
Debian:11	libspring-java	0, 0, 0
Debian:13	libspring-java	0, 0, 0

Timeline

Apr 6, 2018 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2018-1270 advisory

Open in Interactive Console →