CVE-2017-12881
Spring Batch Admin vulnerable to Cross-site request forgery (CSRF) in the file upload functionality
CVSS 3.1: 8.8 (HIGH)
EPSS: 0.16%
Description
Cross-site request forgery (CSRF) vulnerability in Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability.
How to fix CVE-2017-12881
To remediate CVE-2017-12881, upgrade the affected package to the fixed version listed below.
- Upgrade to 1.3.0.RELEASE or later
Is CVE-2017-12881 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.3.0.RELEASE
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |