advisory-database icon indicating copy to clipboard operation
advisory-database copied to clipboard
verified publisher icon github

[GHSA-ffvq-7w96-97p7] Denial of Service in Spring Framework

Open sunSUNQ opened this issue 1 year ago • 4 comments

Updates

  • References
  • Source code location

Comments Add source code location and patch links related to CVE-2018-15756.

sunSUNQ avatar Feb 27 '24 01:02 sunSUNQ

Hey @sunSUNQ, would you mind elaborating on why you think these commits are related to this advisory?

darakian avatar Mar 05 '24 22:03 darakian

The current vulnerability CVE-2018-15756 is related to https://github.com/spring-projects/spring-framework/issues/21851. Both the vulnerability descriptions and the handling of the "Range" header field are associated with SPR-17318. This is also related to https://github.com/spring-projects/spring-framework/commit/423aa28ed584b4ff6e5bad218c09beef5e91951e.

sunSUNQ avatar Mar 06 '24 03:03 sunSUNQ

The current vulnerability https://github.com/advisories/GHSA-ffvq-7w96-97p7 is related to https://github.com/spring-projects/spring-framework/issues/21851.

How do you make that connection?

darakian avatar Mar 06 '24 18:03 darakian

The https://jira.spring.io/browse/SPR-17318?redirect=false used can see the SPR-17318 is related to CVE-2018-15756, but now it can not be found. For this case, https://spring.io/security/cve-2018-15756 the range is Spring Framework 5.0.0 to 5.0.9 and Spring Framework 4.3 to 4.3.19. Therefore, I collected all the commits between versions 4.3.19 and 4.3.20, totaling 19 commits. Among them, only three commits satisfy the criteria of impacting the spring-webmvc component. These commits are: 044772641d12b9281185f6cf50f8485b8747132c, e978f90a19b7ae67ebc4883f4cec0868182c182a and e873004b524cacc392c949eb75f3a7b8677ed6af. Among them, the commit e978f90a19b7ae67ebc4883f4cec0868182c182a and e873004b524cacc392c949eb75f3a7b8677ed6af only modifies some insignificant characters. So the 044772641d12b9281185f6cf50f8485b8747132c is part of the patch, it mentions SPR-17318.

sunSUNQ avatar Mar 07 '24 12:03 sunSUNQ

Hello, I'm looking forward to your response.

sunSUNQ avatar Mar 21 '24 01:03 sunSUNQ

👋 This pull request has been marked as stale because it has been open with no activity. You can: comment on the issue or remove the stale label to hold stale off for a while, add the Keep label to hold stale off permanently, or do nothing. If you do nothing this pull request will be closed eventually by the stale bot. Please see CONTRIBUTING.md for more policy details.

taladrane avatar Apr 06 '24 00:04 taladrane