Lucene search

K

Veracode Vulnerability DatabaseVERACODE:6269

HistoryMay 10, 2018 - 7:02 a.m.

Regular Expression Denial Of Service (ReDoS)

2018-05-1007:02:28

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

9

0.002 Low

EPSS

Percentile

51.5%

spring-messaging is vulnerable to regular expression denial of service (ReDoS) attacks. A malicious user can pass a message to an in-memory STOMP broker that can cause a ReDoS.

CPENameOperatorVersion
spring messagingle4.3.16.RELEASE
spring messagingle5.0.5.RELEASE
spring messagingle4.3.16.RELEASE
spring messagingle5.0.5.RELEASE

References

www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

www.securityfocus.com/bid/104260

access.redhat.com/errata/RHSA-2018:1809

access.redhat.com/errata/RHSA-2018:3768

jira.spring.io/browse/SPR-16732

pivotal.io/security/cve-2018-1257

www.oracle.com/security-alerts/cpujan2020.html

www.oracle.com/security-alerts/cpujul2020.html

www.oracle.com/security-alerts/cpuoct2021.html

www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

0.002 Low

EPSS

Percentile

51.5%

Related for VERACODE:6269

cve1 redhatcve1 github1 debiancve1 prion1 nvd1 ubuntucve1 cvelist1 osv2 f51 redhat2 ibm3 nessus2 oracle7