spring-webmvc is vulnerable to cross-domain requests. The vulnerability exists as JSONP is enabled through the jsonp
and callback
JSONP parameters in MappingJackson2JsonView by default.
www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
github.com/spring-projects/spring-framework/commit/874859493bbda59739c38c7e52eb3625f247b93a
github.com/spring-projects/spring-framework/commit/ac37b678a3ac9ee541a10e8ad74d612bb9ec5b88
lists.debian.org/debian-lts-announce/2021/04/msg00022.html
pivotal.io/security/cve-2018-11040
www.oracle.com/security-alerts/cpujan2020.html
www.oracle.com/security-alerts/cpujul2020.html
www.oracle.com/security-alerts/cpuoct2021.html
www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html