The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.
github.com/advisories/GHSA-45vg-2v73-vm62
github.com/spring-projects/spring-framework
github.com/spring-projects/spring-framework/commit/d63cfc8eebc396be009e733a81ebb4c984811f6e
github.com/spring-projects/spring-framework/commit/dc5b5ca8ee09c890352f89b2dae58bc0132d6545
nvd.nist.gov/vuln/detail/CVE-2015-0201
pivotal.io/security/cve-2015-0201