GeorgeAnson opened a new issue #690: URL: https://github.com/apache/rocketmq-externals/issues/690
The issue tracker is **ONLY** used for bug report and feature request. Any question or RocketMQ proposal please use our [mailing lists](http://rocketmq.apache.org/about/contact/). Pivotal Software Spring Framework 5.2.3之前的5.2.x版本、5.1.13之前的5.1.x版本和5.0.16之前的5.0.x版本中存在反射型文件下载漏洞漏洞。远程攻击者可通过实施反射型文件下载(RFD)攻击利用该漏洞获取敏感信息。 1. Please describe the issue you observed: - What did you do (The steps to reproduce)? - What did you expect to see? - What did you see instead? 2. Please tell us about your environment: 3. Other information (e.g. detailed explanation, logs, related issues, suggestions how to fix, etc): 存在位置:/rocketmq-console-ng.jar(BOOT-INF/lib/spring-core-5.2.2.RELEASE.jar) 命中版本:spring version less than 5.2.3、spring version more than equals 5.2.0 1. Please describe the feature you are requesting. 2. Provide any additional detail on your proposed use case for this feature. 2. Indicate the importance of this issue to you (blocker, must-have, should-have, nice-to-have). Are you currently using any workarounds to address this issue? 4. If there are some sub-tasks using -[] for each subtask and create a corresponding issue to map to the sub task: - [sub-task1-issue-number](example_sub_issue1_link_here): sub-task1 description here, - [sub-task2-issue-number](example_sub_issue2_link_here): sub-task2 description here, - ... ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
