CVE-2021-22060 @ Maven-org.springframework:spring-core-3.2.4.RELEASE

**Checkmarx \(SCA\):** Vulnerable Package
**Vulnerability:** [Read More ](https://devhub.checkmarx.com/cve-details/CVE-2021-22060) about CVE-2021-22060
**Checkmarx Project:** [igorlombacx/astlab2](https://deu.ast.checkmarx.net/projects/2088ac94-d47a-4ac1-aa2d-2d71ab40925d/overview?branch=main)
**Repository URL:** [https://github.com/igorlombacx/astlab2](https://github.com/igorlombacx/astlab2)
**Branch:** main
**Severity:** MEDIUM
**State:** TO_VERIFY
**Status:** RECURRENT
**Scan ID:** [8caf1d69\-ab69\-4064\-888d\-abb555c4ebdc](https://deu.ast.checkmarx.net/projects/2088ac94-d47a-4ac1-aa2d-2d71ab40925d/scans?id=8caf1d69-ab69-4064-888d-abb555c4ebdc&branch=main)


----
In Spring Framework versions 5.2.x before 5.2.19.RELEASE, 5.3.x before 5.3.14 and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.





----
**Additional Info**
**Attack vector:** NETWORK
**Attack complexity:** LOW
**Confidentiality impact:** NONE
**Availability impact:** NONE
**Remediation Upgrade Recommendation:** 4.0.0.M3


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2021-22060 @ Maven-org.springframework:spring-core-3.2.4.RELEASE #50

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

CVE-2021-22060 @ Maven-org.springframework:spring-core-3.2.4.RELEASE #50

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions