CVE-2020-5421: Remote file disclosure

September 19, 2020 (updated September 30, 2020)

In Spring Framework the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.

References

nvd.nist.gov/vuln/detail/CVE-2020-5421
tanzu.vmware.com/security/cve-2020-5421

Code Behaviors & Features

Detect and mitigate CVE-2020-5421 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →