...

  • Running JDK 9 or higher

  • Apache Tomcat as the Servlet container

  • Packaged as WAR

  • spring-webmvc or spring-webflux dependency:

    • Uses Spring MVC (5.3.15 and at least down to 4.3.0, possibly further)

  • Endpoint using @RequestMapping, a.k.a. Spring parameter binding

  • Request parameter is an object type that maps to a POJO

    • Vulnerable: @NotNull DataObject data

    • Not vulnerable: @NotNull String string
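
To triage deployed applications against the packaging and dependency conditions above, the following added example (not part of the original advisory) inspects a WAR for spring-webmvc or spring-webflux jars and compares their versions with the range listed here. The function names, the jar naming convention and the use of the same range for both artifacts are assumptions; the JDK version, the Servlet container and the endpoint parameter types still have to be checked separately.

```python
import io
import re
import zipfile

# Jar naming convention (artifact-version.jar under WEB-INF/lib) is an assumption.
JAR_RE = re.compile(r"^WEB-INF/lib/(spring-web(?:mvc|flux))-(\d+(?:\.\d+)*)[^/]*\.jar$")
# Range listed on this page; applying it to both artifacts is an assumption.
LISTED_LOW, LISTED_HIGH = (4, 3, 0), (5, 3, 15)


def parse_version(text):
    """Turn '5.3.15' into (5, 3, 15), padded to three components."""
    parts = [int(p) for p in text.split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def scan_war(war):
    """List spring-webmvc / spring-webflux jars in a WAR (path or file object)."""
    findings = []
    with zipfile.ZipFile(war) as archive:
        for name in sorted(archive.namelist()):
            match = JAR_RE.match(name)
            if not match:
                continue
            artifact, version = match.groups()
            listed = LISTED_LOW <= parse_version(version) <= LISTED_HIGH
            # "Possibly further" on the page: outside the range means unknown, not safe.
            status = "in listed range" if listed else "outside listed range, unknown"
            findings.append((artifact, version, status))
    return findings


def build_sample_war(jar_names):
    """Build a constructed in-memory WAR holding empty placeholder jars."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for name in jar_names:
            archive.writestr(name, b"")
    buffer.seek(0)
    return buffer


if __name__ == "__main__":
    sample = build_sample_war([  # constructed sample, not a real application
        "WEB-INF/lib/spring-webmvc-5.3.15.jar",
        "WEB-INF/lib/spring-core-5.3.15.jar",
        "WEB-INF/lib/spring-webmvc-4.2.9.RELEASE.jar",
    ])
    for finding in scan_war(sample):
        print(*finding, sep="\t")
```

An empty result only means neither artifact is bundled in WEB-INF/lib; it says nothing about jars supplied on the container's shared classpath.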

...

Changelog

  • Rewrite general advice 20:50 CET

  • Initial publication 20:30 CET