CVE-2020-5421

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-5421
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-5421.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-5421
Aliases
Downstream
Published
2020-09-19T04:15:11.527Z
Modified
2026-04-10T04:27:39.569040Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N CVSS Calculator
Summary
[none]
Details

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.

References

Affected packages

Git / github.com/spring-projects/spring-framework

Affected ranges

Type
GIT
Repo
https://github.com/spring-projects/spring-framework
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
585be7120b3b70c8bff21d2d8e3933cc00486368
Introduced
f4f990b2c900a9b325fd0770d9064a188d073253
Fixed
6d274e0861c2895ad34acb9d32c78f3ee4d6429f
Introduced
f07eed2b28b4b51e4f2167f2ec6cd4d8bd9295ad
Fixed
c6dd9c6a86da98d0e8591b97d512d1c7e438763e
Introduced
927b8c15ef20eaaa4002d4b2170cc536a6d6aa35
Fixed
69921b49a5836e412ffcd1ea2c7e20d41f0c0fd6
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
abdcefb460fcbc1348ef04505a78381a2c69a643
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.3.29"
        },
        {
            "introduced": "5.0.0"
        },
        {
            "fixed": "5.0.19"
        },
        {
            "introduced": "5.1.0"
        },
        {
            "fixed": "5.1.18"
        },
        {
            "introduced": "5.2.0"
        },
        {
            "fixed": "5.2.9"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.2.0"
        }
    ]
}

Affected versions

v3.*
v3.2.0.M1
v3.2.0.M2
v3.2.0.RC1
v3.2.0.RC2-A
v3.2.0.RELEASE
v4.*
v4.0.0.M1
v4.0.0.M2
v4.0.0.M3
v4.0.0.RC1
v4.0.0.RC2
v5.*
v5.0.5.RELEASE

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "11.3.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "11.3.0.9"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.0.0.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.3.4"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.3.5"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.4.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "8.2.1"
            },
            {
                "last_affected": "8.2.2.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.3.4"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.3.5"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.2.1.3.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.2.1.4.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "8.0.6"
            },
            {
                "last_affected": "8.1.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.0.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.1.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.2.1.3.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.2.1.4.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "19.1.0.0.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "4.0.2.5"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "11.1.2.4"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "11.1.0"
            },
            {
                "last_affected": "11.3.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.2.4"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "11.0.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "11.1.0"
            },
            {
                "last_affected": "11.3.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.2.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.2.4"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "11.0.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0.22"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0.23"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "16.2.0"
            },
            {
                "last_affected": "16.2.11"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "17.12.0"
            },
            {
                "last_affected": "17.12.9"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "18.8.0"
            },
            {
                "last_affected": "18.8.10"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "19.12.0"
            },
            {
                "last_affected": "19.12.10"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "16.1.0"
            },
            {
                "last_affected": "16.2.20"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "17.1.0"
            },
            {
                "last_affected": "17.12.19"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "18.1.0"
            },
            {
                "last_affected": "18.8.21"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "19.12.0"
            },
            {
                "last_affected": "19.12.10"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.0.3.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.0.3.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "16.0"
            },
            {
                "last_affected": "19.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "16.0"
            },
            {
                "last_affected": "19.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "14.1.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "15.0.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.0.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "14.1.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "15.0.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.0.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "14.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "14.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.0.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "15.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "14.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "14.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "14.1.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "15.0.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.0.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "15.0.4"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.0.6"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "17.0.4"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "18.0.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "19.0.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.5.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "2.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.3.6.0.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.1.3.0.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.2.1.3.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.2.1.4.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "14.1.1.0.0"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-5421.json"