Description

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework.

Mitigation

We recommend upgrading to a version of this component that is not vulnerable to this specific issue.

Related links:

• http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1275

• http://www.polaris-lab.com/index.php/archives/501/

• https://chybeta.github.io/2018/04/07/spring-messaging-Remote-Code-Execution-%E5%88%86%E6%9E%90-%E3%80%90CVE-2018-1270%E3%80%91/

• https://jira.spring.io/browse/SPR-16588

• https://jira.spring.io/browse/SPR-16703