Query on CVE-2020-5421

classic Classic list List threaded Threaded
2 messages Options
vbm vbm
Reply | Threaded
Open this post in threaded view
|

Query on CVE-2020-5421

Hi,

Is the CVE-2020-5421 <https://nvd.nist.gov/vuln/detail/CVE-2020-5421>  
applicable to Ignite ?

I have a doubt whether it is applicable to only spring-web package
(https://mvnrepository.com/artifact/org.springframework/spring-web) or to
all the springframework  packages.

 
Regards,
Vishwas



--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/
Vladimir Pligin Vladimir Pligin
Reply | Threaded
Open this post in threaded view
|

Re: Query on CVE-2020-5421

This issue is definitely web-oriented. It's about the 'Content-Disposition'
custom HTTP header which raised a big deal of concerns about security itself
over time. As far as I currently understand it affects only web part(s) of
Spring, more particularly spring-webmvc. It's not being used by Ignite. So I
suppose it's safe to think that Ignite is not affected by that one.



--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/