Unknown · Spring Session · CVE-2023-20866
**Name of the Vulnerable Software and Affected Versions**
Spring Session version 3.0.0
**Description**
The session id can be logged to the standard output stream, exposing sensitive information to those who have access to the application logs. This can be used for session hijacking, specifically in applications using `HeaderHttpSessionIdResolver`.
**Recommendations**
For Spring Session version 3.0.0, consider disabling the `HeaderHttpSessionIdResolver` to minimize the risk of exploitation until a patch is available. Restrict access to application logs to prevent unauthorized access to sensitive session information.
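The advisory's interim mitigation is to stop using `HeaderHttpSessionIdResolver`. The following Spring Java configuration is an added example written for this page, not code from the Spring Session project, and the package, profile and bean names in it are assumptions. It shows the header-based resolver (the configuration the advisory concerns) side by side with the cookie-based resolver that Spring Session uses by default, so the affected bean can be recognised and swapped out. It assumes a Spring Session 3.0.x classpath and an in-memory `MapSessionRepository` standing in for whatever session store the application really uses.

```java
// Added example for CVE-2023-20866 (not part of the Spring Session project).
// Package and profile names are hypothetical.
package example.session.config;

import java.util.concurrent.ConcurrentHashMap;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.session.MapSessionRepository;
import org.springframework.session.SessionRepository;
import org.springframework.session.config.annotation.web.http.EnableSpringHttpSession;
import org.springframework.session.web.http.CookieHttpSessionIdResolver;
import org.springframework.session.web.http.DefaultCookieSerializer;
import org.springframework.session.web.http.HeaderHttpSessionIdResolver;
import org.springframework.session.web.http.HttpSessionIdResolver;

@Configuration
@EnableSpringHttpSession
public class SessionIdResolverConfig {

    // In-memory store used only so the example is self-contained; a real
    // deployment would use Redis, JDBC or another SessionRepository.
    @Bean
    public SessionRepository<?> sessionRepository() {
        return new MapSessionRepository(new ConcurrentHashMap<>());
    }

    // The configuration the advisory concerns: session ids travel in the
    // X-Auth-Token header, handled by HeaderHttpSessionIdResolver. On Spring
    // Session 3.0.0 this is the resolver to look for when auditing a codebase.
    @Configuration
    @Profile("header-session-id")
    static class HeaderResolverConfig {
        @Bean
        public HttpSessionIdResolver httpSessionIdResolver() {
            return HeaderHttpSessionIdResolver.xAuthToken();
        }
    }

    // The interim mitigation from the advisory: remove the header resolver and
    // rely on the cookie-based resolver (Spring Session's default). The cookie
    // serializer is tightened so the session id is only sent over TLS and is not
    // readable from page scripts.
    @Configuration
    @Profile("!header-session-id")
    static class CookieResolverConfig {
        @Bean
        public HttpSessionIdResolver httpSessionIdResolver() {
            DefaultCookieSerializer serializer = new DefaultCookieSerializer();
            serializer.setUseHttpOnlyCookie(true);
            serializer.setUseSecureCookie(true);

            CookieHttpSessionIdResolver resolver = new CookieHttpSessionIdResolver();
            resolver.setCookieSerializer(serializer);
            return resolver;
        }
    }
}
```

Removing the `HeaderHttpSessionIdResolver` bean is what matters; declaring `CookieHttpSessionIdResolver` explicitly only makes the choice visible in review. Note the trade-off: API or mobile clients that currently send the session id in `X-Auth-Token` will have to carry the cookie instead, so this mitigation is a client-facing change and not just a server-side switch. It also does not retroactively clean logs that already contain session ids, which is why the advisory's second recommendation, restricting access to application logs, still applies.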