N/A

Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests.

N/A

N/A

Pivotal Spring Framework 安全漏洞

Pivotal Spring Framework是美国Pivotal Software公司的一套开源的Java、Java EE应用程序框架。该框架可帮助开发人员构建高质量的应用。 Pivotal Spring Framework 5.0.7之前的5.0.x版本、4.3.18之前的4.3.x版本和不再支持的更早版本中存在安全漏洞，该漏洞源于程序允许Web应用程序通过JSONP打开跨域的请求。攻击者可利用该漏洞将用户信息泄露到第三方浏览器脚本。

N/A

N/A