Description
Package Name: org.springframework:spring-web
Package Version: 3.2.6.RELEASE
Package Manager: maven
Target File: todolist-goof/todolist-web-struts/pom.xml
Severity Level: high
Snyk ID: SNYK-JAVA-ORGSPRINGFRAMEWORK-30165
Snyk CVE: CVE-2015-5211
Snyk CWE: CWE-494
Link to issue in Snyk: https://app.snyk.io/org/rhicksiii91/project/f530e3b6-83fc-4cc6-824f-20af3ad31d3f
Snyk Description:
## Overview
org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications on any kind of deployment platform.
Affected versions of this package are vulnerable to Reflected File Download via a crafted URL with a batch script extension, resulting in the response being downloaded rather than rendered.
## Remediation
Upgrade org.springframework:spring-web to version 3.2.15.RELEASE, 4.1.8.RELEASE, 4.2.2.RELEASE or higher.