CVE-2018-1270 — Spring Framework allows applications to expose STOMP over WebSocket endpoints

Description

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.

How to fix CVE-2018-1270

To remediate CVE-2018-1270, upgrade the affected package to a fixed version below.

—upgrade to 4.3.19-1 or later
—upgrade to 5.0.5.RELEASE or later

Is CVE-2018-1270 being exploited?

Likely — EPSS is 90.0%, placing CVE-2018-1270 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.

Affected packages (2)

from 0, < 4.3.19-1
>= 5.0.0.RELEASE, < 5.0.5.RELEASE

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (21)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2018-1270
ADVISORYsecurity-tracker.debian.org/tracker/CVE-2018-1270
PATCHgithub.com/spring-projects/spring-framework
WEBaccess.redhat.com/errata/RHSA-2018:2939