CVE-2017-4971: Remote Code Execution Vulnerability in the Spring Web Flow Framework

CVE-2017-4971: Remote Code Execution Vulnerability in the Spring Web Flow Framework

|
Earlier this year, we approached Pivotal with a vulnerability disclosure relating to the Spring Web Flow framework caused by an unvalidated data binding SpEL expression that makes applications built using the framework vulnerable to remote code execution (RCE) attacks if configured with default values. This vulnerability was recently made public ... Read More