CVE-2023-20866

CVE-2023-20866

In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using HeaderHttpSessionIdResolver.

Source: CVE-2023-20866

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다