You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Quoting the relevant section of the alert (the link does not seem to work, as of 23 Oct 2018):
CVE-2015-5211 More information
high severity
Vulnerable versions: > 4.2.0, < 4.2.2
Patched version: 4.2.2
Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response.
The text was updated successfully, but these errors were encountered:
GitHub has detected a potential security vulnerability related to the Spring Framework version, and recommended the following fix to the
pom.xml
file:Quoting the relevant section of the alert (the link does not seem to work, as of 23 Oct 2018):
The text was updated successfully, but these errors were encountered: