How severe is CVE-2018-11040?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2018-11040?

This is classified as CWE-829, which is a common weakness in software security.

CVE-2018-11040 - HIGH Severity | CVSS 7.5

Vulnerability Description

Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests.

Related Vulnerabilities

CVE-2013-3321

HIGH

CVSS:7.5(High)

NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted requests to the "diagnostic" page using the SnapMirror log path parameter.

CWE-8292013

CVE-2020-10865

HIGH

CVSS:7.5(High)

An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to make arbitrary changes to the Components s...

CWE-8292020

CVE-2021-41569

HIGH

CVSS:7.5(High)

SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (included by default) in the appstart.sas file, allows end-users of the application to access the sample.webcsf1...

CWE-8292021

CVE-2022-23630

HIGH

CVSS:7.5(High)

Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail t...

CWE-8292022

CVE-2022-34121

HIGH

CVSS:7.5(High)

Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the component /templates/default/html/windows/right.php.

CWE-8292022

CVE-2024-3043

HIGH

CVSS:7.5(High)

An unauthenticated IEEE 802.15.4 'co-ordinator realignment' packet can be used to force Zigbee nodes to change their network identifier (pan ID), leading to a denial of service. This packet type is no...

CWE-8292024