CVE-2013-6430 Medium Severity Vulnerability detected by WhiteSource #40
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2013-6430 - Medium Severity Vulnerability
null
path: /root/.m2/repository/org/springframework/spring-web/3.1.1.RELEASE/spring-web-3.1.1.RELEASE.jar,2/repository/org/springframework/spring-web/3.1.1.RELEASE/spring-web-3.1.1.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 23068bfa8fba8e934988efafc64fa2cf0fdb8462
It was found that the org.spring.web.util.JavaScriptUtils.javaScriptEscape method insufficiently escaped some characters.
Applications using this method to escape user-supplied content that will be rendered in HTML 5 documents may expose cross-site scripting (XSS) flaws.
Publish Date: 2013-09-12
URL: CVE-2013-6430
Base Score Metrics not available
Type: Change files
Origin: spring-projects/spring-framework@7a7df66
Release Date: 2013-02-15
Fix Resolution: Replace or update the following files: JavaScriptUtils.java, JavaScriptUtilsTests.java
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: