CVE-2020-5398
RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application
7.5
HIGH
CVSS 3.1
EPSS 90.2%
Description
In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input.
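The root cause described above is that a request-controlled string ends up as the `filename` attribute of `Content-Disposition`, so the client, not the server, decides the name and extension the browser saves. The following is an added example, not code from the Spring project or its fix commit: a hypothetical `SafeContentDisposition` helper that reduces the untrusted name to its last path segment, removes characters that could terminate the header or the quoted string, puts non-ASCII names in an RFC 5987 `filename*` parameter, and, in the stricter overload, lets the server choose the extension. All class, method and sample names are assumptions made for this example.

```java
import java.nio.charset.StandardCharsets;

/**
 * Hypothetical helper (added example, not Spring's own code) that builds a
 * Content-Disposition header value from a user-supplied filename without
 * letting the caller control the header's structure.
 */
public final class SafeContentDisposition {

    private static final String FALLBACK = "download";

    private SafeContentDisposition() {}

    /** Build an "attachment" Content-Disposition whose filename is derived from untrusted input. */
    public static String attachment(String untrustedName) {
        String base = lastSegment(untrustedName == null ? "" : untrustedName);
        String cleaned = stripUnsafe(base);
        if (cleaned.isEmpty() || cleaned.chars().allMatch(ch -> ch == '.')) {
            cleaned = FALLBACK;
        }
        String ascii = toAsciiFallback(cleaned);
        StringBuilder sb = new StringBuilder("attachment; filename=\"").append(ascii).append('"');
        if (!cleaned.equals(ascii)) {
            // Non-ASCII names go in the RFC 5987 filename* parameter, percent-encoded as UTF-8.
            sb.append("; filename*=UTF-8''").append(percentEncode(cleaned));
        }
        return sb.toString();
    }

    /** Stricter variant: the server chooses the extension; any extension in the user's name is dropped. */
    public static String attachment(String untrustedName, String serverChosenExtension) {
        String base = stripUnsafe(lastSegment(untrustedName == null ? "" : untrustedName));
        int dot = base.lastIndexOf('.');
        if (dot > 0) base = base.substring(0, dot);          // keep dotfiles like ".config" intact
        if (base.isEmpty() || base.chars().allMatch(ch -> ch == '.')) base = FALLBACK;
        return attachment(base + serverChosenExtension);
    }

    // Keep only the last path segment so "../../etc/passwd" or "C:\x\y" cannot name directories.
    static String lastSegment(String name) {
        int cut = Math.max(name.lastIndexOf('/'), name.lastIndexOf('\\'));
        return cut >= 0 ? name.substring(cut + 1) : name;
    }

    // Drop characters that could close the quoted string, start another parameter, or inject a
    // header line (CR/LF and other ISO control characters), plus '%' to avoid double-decoding games.
    static String stripUnsafe(String name) {
        StringBuilder sb = new StringBuilder(name.length());
        for (int i = 0; i < name.length(); i++) {
            char c = name.charAt(i);
            if (Character.isISOControl(c) || c == '"' || c == ';' || c == ',' || c == '%') continue;
            sb.append(c);
        }
        return sb.toString().trim();
    }

    // Replace every non-ASCII character with '_' for the legacy filename parameter.
    static String toAsciiFallback(String name) {
        StringBuilder sb = new StringBuilder(name.length());
        for (int i = 0; i < name.length(); i++) {
            char c = name.charAt(i);
            sb.append(c < 0x80 ? c : '_');
        }
        return sb.toString();
    }

    // RFC 5987 value-chars: attr-char set is kept, every other UTF-8 byte becomes %XX.
    static String percentEncode(String s) {
        StringBuilder sb = new StringBuilder();
        for (byte b : s.getBytes(StandardCharsets.UTF_8)) {
            int v = b & 0xff;
            if (isAttrChar(v)) sb.append((char) v);
            else sb.append('%').append(String.format("%02X", v));
        }
        return sb.toString();
    }

    private static boolean isAttrChar(int c) {
        return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9')
            || "!#$&+-.^_`|~".indexOf(c) >= 0;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: a benign name, a path-traversal attempt, an attempt to close the
        // quoted string and add a second parameter, a CRLF header-injection attempt, a non-ASCII name.
        String[] samples = {
            "report.pdf",
            "../../etc/passwd",
            "notes.txt\"; filename=\"other.bat",
            "x.csv\r\nSet-Cookie: a=b",
            "r\u00e9sum\u00e9.pdf"
        };
        for (String s : samples) {
            System.out.println(attachment(s));
            System.out.println(attachment(s, ".json"));   // server-chosen extension
        }
    }
}
```

The two-argument form is the one to prefer for endpoints whose content type is fixed, because RFD only works when the attacker can pick an executable or script extension; the one-argument form is the minimum for endpoints that must echo a name. Serving a correct `Content-Type` and `X-Content-Type-Options: nosniff` alongside the header further limits how a browser will interpret the body.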
How to fix CVE-2020-5398
To remediate CVE-2020-5398, upgrade the affected package to a fixed version below.
- —upgrade to 5.2.3.RELEASE or later
Is CVE-2020-5398 being exploited?
Likely — EPSS is 90.2%, placing CVE-2020-5398 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (2)
- >= 5.2.0.RELEASE, < 5.2.3.RELEASE
- >= 5.2.0.RELEASE, < 5.2.3.RELEASE
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH (7.5) | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
References (47)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2020-5398
- PATCH: https://github.com/spring-projects/spring-framework
- WEB: https://github.com/spring-projects/spring-framework/commit/41f40c6c229d3b4f768718f1ec229d8f0ad76d76
- WEB: https://lists.apache.org/thread.html/r028977b9b9d44a89823639aa3296fb0f0cfdd76b4450df89d3c4fbbf@%3Cissues.karaf.apache.org%3E