CVE-2017-8039
NONE EPSS 57.3%
Published Nov 27, 2017 (8y ago) · Modified Jun 17, 2026 (2w ago)
Description
An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property, which is disabled by default (i.e., set to 'false'), can be vulnerable to malicious EL expressions in view states that process form submissions but do not have a sub-element to declare explicit data binding property mappings. NOTE: this issue exists because of an incomplete fix for CVE-2017-4971.
Threat Intelligence
EPSS Exploit Probability
57.3% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-1188
Affected Products 5
References 2
- securityfocus.com http://www.securityfocus.com/bid/100849
- pivotal.io https://pivotal.io/security/cve-2017-8039
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.