CVE-2018-1275: Improperly Implemented Security Check for Standard

April 11, 2018 (updated July 3, 2019)

Spring Framework allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.

References

www.securityfocus.com/bid/103771
www.securitytracker.com/id/1041301
nvd.nist.gov/vuln/detail/CVE-2018-1275
pivotal.io/security/cve-2018-1275

Code Behaviors & Features

Detect and mitigate CVE-2018-1275 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →