CVE-2011-2732
EPSS 7.2%Improper Control of Generation of Code in Spring Security
發布日:2022/5/17修改日:2024/12/7
描述
CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter.
受影響套件(1)
- Maven/org.springframework.security:spring-security-corefrom 0, < 2.0.7