GHSA-45vg-2v73-vm62
Suggest an improvement- Source
- https://github.com/advisories/GHSA-45vg-2v73-vm62
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-45vg-2v73-vm62/GHSA-45vg-2v73-vm62.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-45vg-2v73-vm62
- Aliases
-
- CVE-2015-0201
- Published
- 2018-10-17T20:28:20Z
- Modified
- 2024-12-02T05:51:24.734486Z
- Summary
- Moderate severity vulnerability that affects org.springframework:spring-core
- Details
-
The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.
- Database specific
{ "cwe_ids": [], "severity": "MODERATE", "github_reviewed": true, "nvd_published_at": "2015-03-10T14:59:00Z", "github_reviewed_at": "2020-06-16T20:57:30Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2015-0201
- https://github.com/spring-projects/spring-framework/commit/d63cfc8eebc396be009e733a81ebb4c984811f6e
- https://github.com/spring-projects/spring-framework/commit/dc5b5ca8ee09c890352f89b2dae58bc0132d6545
- https://github.com/advisories/GHSA-45vg-2v73-vm62
- https://github.com/spring-projects/spring-framework
- https://pivotal.io/security/cve-2015-0201
Affected packages
Maven / org.springframework:spring-core
Package
- Name
- org.springframework:spring-core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.springframework/spring-core