Loading...

XML

Word

Printable

Details

Type: Task
Resolution: Done
Priority: Neutral
Fix Version/s: 3.5.1
Affects Version/s: None
Component/s: None
Labels:
- security

Template:
Acceptance criteria:

Empty

show more show less
Task DoR:

Empty

show more show less
Release notes required:

Yes

Description

https://nvd.nist.gov/vuln/detail/CVE-2016-1000027

"Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data."

One or more dependencies were identified with known vulnerabilities in Blossom sample webapp:
spring-core-5.3.19.jar (pkg:maven/org.springframework/spring-core@5.3.19, cpe:2.3:a:pivotal_software:spring_framework:5.3.19:*:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:5.3.19:*:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:5.3.19:*:*:*:*:*:*:*, cpe:2.3:a:vmware:springsource_spring_framework:5.3.19:*:*:*:*:*:*:*) : CVE-2016-1000027

Checklists

Acceptance criteria

Attachments

Activity

People

Assignee:: Federico Grilli

Reporter:: Federico Grilli

Team:: Foundation

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 20/May/22 8:48 AM

Updated:: 23/May/22 10:10 AM

Resolved:: 23/May/22 9:34 AM

Checklists

Task DoR