View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0005848 | SymmetricDS | Bug | public | 2023-05-19 17:24 | 2023-10-03 23:00 |
| Reporter | cliang | Assigned To | elong | ||
| Priority | high | ||||
| Status | closed | Resolution | fixed | ||
| Product Version | 3.14.0 | ||||
| Target Version | 3.14.8 | Fixed in Version | 3.14.8 | ||
| Summary | 0005848: Security Vulnerability in Spring Framework | ||||
| Description | CVE-2023-20861: In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. Fix available: fixed in 5.3.26. CVE-2023-20860: Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using '**' as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass. Fix available: fixed in 5.3.26. | ||||
| Tags | No tags attached. | ||||

| Changeset | Date | Message | Affected Issues | Files |
|---|---|---|---|---|
| SymmetricDS: 3.14 e7ac59d8 | 2023-05-23 12:36:54 | 0005848: upgrade spring | 0005848 | mod - symmetric-assemble/common.gradle |
| SymmetricDS: 3.15 7da446f1 | 2023-05-23 12:36:54 | 0005848: upgrade spring | 0005848 | mod - symmetric-assemble/common.gradle |

| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2023-05-19 17:24 | cliang | New Issue | |
| 2023-05-23 12:32 | elong | Issue cloned: 0005857 | |
| 2023-05-23 12:32 | elong | Relationship added | related to 0005857 |
| 2023-05-23 12:34 | elong | Assigned To | => elong |
| 2023-05-23 12:34 | elong | Status | new => assigned |
| 2023-05-23 12:34 | elong | Product Version | 3.14.7 => 3.14.0 |
| 2023-05-23 12:34 | elong | Target Version | => 3.14.8 |
| 2023-05-23 12:34 | elong | Summary | Security Vulnerability in Spring Framework, h2 and golang.org/x/text => Security Vulnerability in Spring Framework |
| 2023-05-23 12:34 | elong | Description Updated | View Revisions |
| 2023-05-23 12:37 | elong | Status | assigned => resolved |
| 2023-05-23 12:37 | elong | Resolution | open => fixed |
| 2023-05-23 12:37 | elong | Fixed in Version | => 3.14.8 |
| 2023-05-23 13:00 | admin | Changeset attached | => SymmetricDS 3.14 e7ac59d8 |
| 2023-07-19 12:58 | admin | Status | resolved => closed |
| 2023-10-03 23:00 | admin | Changeset attached | => SymmetricDS 3.15 7da446f1 |