Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published: 2018-04-06T13:00:00Z

Updated: 2024-09-16T19:05:05.139Z

Reserved: 2017-12-06T00:00:00

Link: CVE-2018-1270

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-04-06T13:29:00.453

Modified: 2024-11-21T03:59:30.477

Link: CVE-2018-1270

cve-icon Redhat

Severity : Critical

Publid Date: 2018-04-05T00:00:00Z

Links: CVE-2018-1270 - Bugzilla