Dependent component spring-beans is affected by the Spring Framework vulnerability CVE-2010-1622  #499

@EchoLee117

The form-binding problem in spring-framework is actually a bypass of the CVE-2010-1622 vulnerability on higher JDK versions. In JDK 9 and above, the new module attribute can be exploited to bypass the repair logic of the previous CVE-2010-1622 vulnerability.

Are we going to do anything to solve this problem? Thank you!

Affects Version/s: 2.7.17
