CVE-2017-12881
HIGH8.8EPSS 0.16%Spring Batch Admin vulnerable to Cross-site request forgery (CSRF) in the file upload functionality
發布日:2022/5/17修改日:2025/9/23
描述
Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability.
受影響套件(1)
- Maven/org.springframework.batch:spring-batch-admin-managerfrom 0, < 1.3.0.RELEASE
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |