Multiple CVE reports published for the Spring Framework

随机文章
原文链接:spring.io

安全研究人员发现 Spring Framework 存在多个漏洞,其中有 RCE 漏洞!有用到相关 framework 的同学请尽快更新补丁。

CVE-2018-1270: Remote Code Execution with spring-messaging, it is rated as “Critical”. CVE-2018-1271: Directory Traversal with Spring MVC on Windows, it is rated as “High”. CVE-2018-1272: Multipart Content Pollution with Spring Framework, it is rated as “Low”.