Findings for SCA, High, [TheRedHatter/javagoof:todolist-web-struts/pom.xml]:Reflected File Download
Created by: armorcodegithubpreprod[bot]
Component Details
- Exploit Maturity: no-known-exploit
- Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): [3.2.0.RELEASE, 3.2.15.RELEASE), [4.0.0.RELEASE, 4.1.8.RELEASE), [4.2.0.RELEASE, 4.2.2.RELEASE)
- Vulnerable Path: null
Overview
org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications on any kind of deployment platform.
Affected versions of this package are vulnerable to Reflected File Download via a crafted URL with a batch script extension, resulting in the response being downloaded rather than rendered.
References
Snyk Project Status: Active