中文描述:

Spring Framework是Spring开源的一款应用开发框架。 Spring Framework 6.2.0版本至6.2.11版本、6.1.0版本至6.1.23版本、6.0.x版本至6.0.29版本和5.3.0版本至5.3.45版本存在安全漏洞，该漏洞源于STOMP over WebSocket应用程序可能存在安全绕过，可能导致发送未经授权的消息。

英文描述:

STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages. Affected Spring Products and VersionsSpring Framework: * 6.2.0 - 6.2.11 * 6.1.0 - 6.1.23 * 6.0.x - 6.0.29 * 5.3.0 - 5.3.45 * Older, unsupported versions are also affected. MitigationUsers of affected versions should upgrade to the corresponding fixed version. Affected version(s)Fix versionAvailability6.2.x6.2.12OSS6.1.x6.1.24 Commercial https://enterprise.spring.io/ 6.0.xN/A Out of support https://spring.io/projects/spring-framework#support 5.3.x5.3.46 Commercial https://enterprise.spring.io/ No further mitigation steps are necessary. CreditThis vulnerability was discovered and responsibly reported by Jannis Kaiser.

CWE类型:

标签:

中文解决方案:

英文解决方案:

临时解决方案:

发布时间:

修改时间:

创建时间:

更新时间:

当前版本: v3

主要语言: EN

支持语言: