| Vulnerable Component Details | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Type | Namespace | Name | Version | Package URL | |||||||||
| maven | org.springframework | spring-web | 5.3.10 | pkg:maven/org.springframework/spring-web@5.3.10?type=jar | |||||||||
| Vulnerability Details | |||||||||||||
| ID | CVE-2016-1000027 | ||||||||||||
| Description | Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data. | ||||||||||||
| Ratings |
|
||||||||||||
| Found By | Sonotype OSS-Index | ||||||||||||
| References / Advisories |
|
||||||||||||
| Weakness Enumeration | |||||||||||||