漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default (i.e., set to 'false') can be vulnerable to malicious EL expressions in view states that process form submissions but do not have a sub-element to declare explicit data binding property mappings. NOTE: this issue exists because of an incomplete fix for CVE-2017-4971.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Pivotal Spring Web Flow 安全漏洞
Vulnerability Description
Pivotal Spring Web Flow是美国Pivotal Software公司的一款Web应用程序,可提供登机手续办理、贷款申请或购物车结算等导航。 Pivotal Spring Web Flow 2.4.5及之前的版本中存在安全漏洞。攻击者可利用该漏洞绕过安全限制,执行未授权的操作。
CVSS Information
N/A
Vulnerability Type
N/A