Skip to content

[🐸 Frogbot] Update version of org.springframework:spring-web to 6.1.14#3

Open
github-actions[bot] wants to merge 1 commit into
masterfrom
frogbot-org.springframework_spring-web-1a067f4a57e46e2459234e6ca8a3cfaa
Open

[🐸 Frogbot] Update version of org.springframework:spring-web to 6.1.14#3
github-actions[bot] wants to merge 1 commit into
masterfrom
frogbot-org.springframework_spring-web-1a067f4a57e46e2459234e6ca8a3cfaa

Conversation

@github-actions

Copy link
Copy Markdown

🚨 This automated pull request was created by Frogbot and fixes the below:

📦 Vulnerable Dependencies

Severity ID Contextual Analysis Direct Dependencies Impacted Dependency Fixed Versions
medium
Medium
CVE-2024-38820 Not Covered org.springframework:spring-web:5.3.39 org.springframework:spring-web 5.3.39 [6.1.14]

🔖 Details

Vulnerability Details

Contextual Analysis: Not Covered
Direct Dependencies: org.springframework:spring-web:5.3.39
Impacted Dependency: org.springframework:spring-web:5.3.39
Fixed Versions: [6.1.14]
CVSS V3: 5.3

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.


Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant