CVE-2019-3795 @ Maven-org.springframework.security:spring-security-core-3.2.4.RELEASE #27
Labels
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Vulnerable Package issue exists @ Maven-org.springframework.security:spring-security-core-3.2.4.RELEASE in branch main
Spring Security before version 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make the resulting random material available to an attacker for inspection.
Namespace: james-bostock-cx
Repository: astlab2
Repository Url: https://github.com/james-bostock-cx/astlab2
CxAST-Project: james-bostock-cx/astlab2
CxAST platform scan: 2ada010b-ce16-4ef9-b4ff-c3caea471eb3
Branch: main
Application: astlab2
Severity: MEDIUM
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-332
Addition Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: LOW
Availability impact: NONE
Remediation Upgrade Recommendation: 4.2.16.RELEASE
References
Issue
Advisory
Commit
The text was updated successfully, but these errors were encountered: