CVE-2017-12881

HIGH8.8EPSS 0.16%

Spring Batch Admin vulnerable to Cross-site request forgery (CSRF) in the file upload functionality

Published: 5/17/2022Modified: 9/23/2025

Description

Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability.

Affected packages (1)

Maven/org.springframework.batch:spring-batch-admin-managerfrom 0, < 1.3.0.RELEASE

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.8	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-12881
PATCHhttps://github.com/spring-attic/spring-batch-admin
WEBhttp://www.openwall.com/lists/oss-security/2017/08/16/5