-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stems from missing SameSite cookie protections in session management configuration rather than specific functions. The patch modifies application.yml to set 'server.servlet.session.cookie.same-site: Lax', indicating the vulnerability was caused by cookie configuration at the framework level. No specific application logic functions are mentioned in vulnerability details or patches - the issue resides in Spring's session cookie handling behavior when not properly configured. The 'Current Vulnerable Functions' array in the advisory is empty, and the fix involves infrastructure configuration changes rather than modifying business logic functions.
JavaJava| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| com.ctrip.framework.apollo:apollo | maven | < 2.1.0 | 2.1.0 |
Ongoing coverage of React2Shell