DSA-2504-1 libspring-2.5-java -- information disclosure
ID: oval:org.secpod.oval:def:600842 | Date: (C)2012-07-03 (M)2022-10-10 |
Class: PATCH | Family: unix |
It was discovered that the Spring Framework contains an information disclosure vulnerability in the processing of certain Expression Language patterns, allowing attackers to access sensitive information using HTTP requests. NOTE: This update adds a springJspExpressionSupport context parameter which must be manually set to false when the Spring Framework runs under a container which provides EL support itself.
Product: libspring-2.5-java |