https://bugzilla.redhat.com/show_bug.cgi?id=1799475
Bug ID: 1799475
Summary: CVE-2020-5398 springframework: RFD attack via Content-Disposition Header sourced from request input by Spring MVC or Spring WebFlux Application
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team@redhat.com
Reporter: gsuckevi@redhat.com
CC: aileenc@redhat.com, akoufoud@redhat.com, alazarot@redhat.com, almorale@redhat.com, anstephe@redhat.com, chazlett@redhat.com, dblechte@redhat.com, dfediuck@redhat.com, dingyichen@gmail.com, drieden@redhat.com, eedri@redhat.com, esammons@redhat.com, etirelli@redhat.com, extras-orphan@fedoraproject.org, ggaughan@redhat.com, gvarsami@redhat.com, hvyas@redhat.com, ibek@redhat.com, janstey@redhat.com, java-sig-commits@lists.fedoraproject.org, jcoleman@redhat.com, jochrist@redhat.com, jolee@redhat.com, jross@redhat.com, jschatte@redhat.com, jstastny@redhat.com, jwon@redhat.com, kconner@redhat.com, krathod@redhat.com, kverlaen@redhat.com, ldimaggi@redhat.com, lef@fedoraproject.org, mcressma@redhat.com, mgoldboi@redhat.com, michal.skrivanek@redhat.com, mnovotny@redhat.com, nwallace@redhat.com, paradhya@redhat.com, pjindal@redhat.com, puebele@redhat.com, puntogil@libero.it, rrajasek@redhat.com, rsynek@redhat.com, rwagner@redhat.com, sbonazzo@redhat.com, sdaley@redhat.com, sherold@redhat.com, sisharma@redhat.com, tcunning@redhat.com, tkirby@redhat.com, vbellur@redhat.com, vhalbert@redhat.com, yturgema@redhat.com
Target Milestone: ---
Classification: Other

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input.
Reference: https://pivotal.io/security/cve-2020-5398
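
For applications that must derive the download name from request input, the following added example (not code from this bug report or from Spring Framework) shows one application-side way to constrain the name before it reaches the "Content-Disposition" header. It uses only the JDK; the class name, the helper names, the extension allowlist and the "download.bin" fallback are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import java.util.Set;

public class SafeContentDisposition {
    // Assumption: the application only ever serves these file types.
    private static final Set<String> ALLOWED_EXT = Set.of("pdf", "csv", "txt", "png");

    /** Builds an attachment header value from an untrusted file name. */
    static String headerFor(String untrusted) {
        // Keep only the last path segment, whichever separator was used.
        int cut = Math.max(untrusted.lastIndexOf('/'), untrusted.lastIndexOf('\\'));
        String name = untrusted.substring(cut + 1);
        // Drop control characters and the characters that can end or extend
        // a quoted-string header parameter: double quote, backslash, semicolon.
        name = name.replaceAll("[\\p{Cntrl}\"\\\\;]", "").trim();
        // The final extension decides how the client treats the saved file,
        // so it must be on the allowlist; otherwise use a neutral fixed name.
        int dot = name.lastIndexOf('.');
        String ext = dot < 0 ? "" : name.substring(dot + 1).toLowerCase(Locale.ROOT);
        if (dot <= 0 || !ALLOWED_EXT.contains(ext)) {
            name = "download.bin";
        }
        // ASCII fallback for filename=, percent-encoded UTF-8 for filename*=.
        String ascii = name.replaceAll("[^A-Za-z0-9._-]", "_");
        return "attachment; filename=\"" + ascii + "\"; filename*=UTF-8''" + pctEncode(name);
    }

    /** Percent-encodes every byte outside a conservative unreserved set. */
    static String pctEncode(String s) {
        StringBuilder sb = new StringBuilder();
        for (byte b : s.getBytes(StandardCharsets.UTF_8)) {
            int c = b & 0xff;
            boolean plain = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
                    || (c >= '0' && c <= '9') || c == '.' || c == '-' || c == '_';
            if (plain) sb.append((char) c); else sb.append(String.format("%%%02X", c));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from the bug report.
        String[] samples = {"report.pdf", "résumé.pdf", "setup.bat\";x=\".pdf", "..\\..\\run.cmd"};
        for (String s : samples) System.out.println(headerFor(s));
    }
}
```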