Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

咨询下,Mapper 4.3.0是否受Spring-bean的漏洞CVE-2022-22965的影响,如果受影响,会不会升级配套版本出4.3.1 #932

Open
Mrliu1102 opened this issue Feb 18, 2025 · 1 comment
Open

咨询下,Mapper 4.3.0是否受Spring-bean的漏洞CVE-2022-22965的影响,如果受影响,会不会升级配套版本出4.3.1 #932

Mrliu1102 opened this issue Feb 18, 2025 · 1 comment

Comments

@Mrliu1102
Copy link

Mrliu1102 commented Feb 18, 2025
edited
Loading

1、spring-framework中的表单绑定的问题,实际是CVE-2010-1622漏洞在高版本jdk上的绕过。在JDK 9及以上的版本中,新增module属性可以被利用从而绕过了之前CVE-2010-1622漏洞的修复逻辑。
2、受影响的spring版本是5.3.0~5.3.18,mapper配套的spring-beans 5.3.16版本
@abel533 abel533 pinned this issue Feb 18, 2025
@galaxy-sea
Copy link
Collaborator

galaxy-sea commented Feb 19, 2025
edited
Loading

hello @Mrliu1102CVE-2022-22965并不会影响到mapper,您的项目可以将spring-beans升级到高版本。

参考

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Mrliu1102 @galaxy-sea