Note to readers

This publication does not currently meet the Government of Canada's Web Standards. The information remains valid.

Pivotal Spring security update

Number: AV18-037
Date: 06 March 2018

Purpose

The purpose of this advisory is to bring attention to a Pivotal Spring Security Update.

Assessment

Pivotal Spring has released updates to address security vulnerabilities in various Spring web application products. Exploitation of these vulnerabilities may allow execution of arbitrary commands on web applications built using Spring Data REST.

Affected Versions:
- Spring Data REST versions prior to 2.5.12, 2.6.7, 3.0 RC3
- Spring Boot versions prior to 2.0.0M4
- Spring Data release trains prior to Kay-RC3

Suggested Action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.

References:

https://pivotal.io/security/cve-2017-8046
https://lgtm.com/blog/spring_data_rest_CVE-2017-8046

Date modified: