Lucene search
BannamalaiATLASSIAN:BSERV-12196HistoryFeb 17, 2020 - 6:00 a.m.
Spring Framework Vulnerability - CVE-2020-5398
2020-02-1706:00:21
bannamalai
jira.atlassian.com
199
0.625 Medium
EPSS
Percentile
97.9%
h3. Issue Summary
Security vulnerability scan gave a red flag for Spring Framework plugin version that is used in Bitbucket Server version 6.10.0. The CVE-2020-5398 is being noted from the report scan.
h3. Description
Plugin: Spring Framework 5.0.x < 5.0.16 / 5.1.x < 5.1.13 / 5.2.x < 5.2.3 Spring Framework Reflected File Download Vulnerability.
!spring1.PNG|thumbnail!
| CPE | Name | Operator | Version |
|---|---|---|---|
| bitbucket server | le | 6.10.0 | |
| bitbucket server | lt | 6.10.4 | |
| bitbucket server | lt | 7.0.0 |
Related
atlassian
atlassian
Spring Framework Vulnerability - CVE-2020-5398
2020-02-17 06:00:21
Update application links to 5.4.23 to fix CVE-2020-5398
2021-02-03 22:45:35
Update application links to 5.4.23 to fix CVE-2020-5398
2021-02-03 22:45:35
github
github
nvd
nvd
CVE-2020-5398
2020-01-17 00:15:12
nessus
nessus
MySQL Enterprise Monitor 4.0.x < 4.0.13.5350 / 8.0.x < 8.0.21.1243 (Jul 2020 CPU)
2020-07-17 00:00:00
Spring Framework 5.0.x < 5.0.16 / 5.1.x < 5.1.13 / 5.2.x < 5.2.3 Spring Framework Reflected File Download Vulnerability. (CVE-2020-5398)
2020-01-22 00:00:00
Oracle WebLogic Server Multiple Vulnerabilities (Jul 2020 CPU)
2020-07-17 00:00:00
cve
cve
CVE-2020-5398
2020-01-17 00:15:12
veracode
veracode
Reflected File Download
2020-01-17 03:59:26
cvelist
cvelist
osv
osv
RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application
2020-01-21 20:59:09
CVE-2020-5398
2020-01-17 00:15:12
debiancve
debiancve
CVE-2020-5398
2020-01-17 00:15:12
redhatcve
redhatcve
CVE-2020-5398
2020-02-06 17:44:24
ubuntucve
ubuntucve
CVE-2020-5398
2020-01-17 00:00:00
prion
prion
Input validation
2020-01-17 00:15:00
checkpoint_advisories
checkpoint_advisories
Vmware Spring Framework Remote Code Execution (CVE-2020-5398)
2022-10-03 00:00:00
ibm
ibm
redhat
redhat
(RHSA-2020:5568) Important: Red Hat Fuse 7.8.0 release and security update
2020-12-16 12:07:05
oracle
oracle
Oracle Critical Patch Update Advisory - January 2021
2021-01-19 00:00:00
Oracle Critical Patch Update Advisory - July 2022
2022-07-19 00:00:00
Oracle Critical Patch Update Advisory - July 2021
2021-07-20 00:00:00