.avif)
View all vulnerabilities
CVE-2010-1622
Improper Control of Generation of Code ('Code Injection') in Spring Framework
Description
SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing `class.classLoader.URLs[0]=jar:` followed by a URL of a crafted .jar file.
Patch Available
Fix available through Seal Security. No upgrade required, protect your application instantly.
Fix without upgradingVulnerability Details
Score
Score Vector
Affected Versions
org.springframework:spring >= 2.5.0 < 2.5.7; org.springframework:spring >= 3.0.0 < 3.0.3
Severity
Ecosystem
Java
Publish Date
May 16, 2022
Modified Date
December 3, 2024