VDB

DEBIAN-CVE-2020-5421

DEBIAN-CVE-2020-5421 PUBLISHED CVSS 6.5 MEDIUM

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.

Risk Scores

CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

Affected Products

VendorProductVersions
Debian:14libspring-java0, 0, 0
Debian:11libspring-java0, 0, 0
Debian:13libspring-java0, 0, 0
Debian:12libspring-java0, 0, 0

Timeline

  • Sep 19, 2020 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›