eclipse-hawkbit / hawkbit

Eclipse hawkBit™
https://projects.eclipse.org/projects/iot.hawkbit
Eclipse Public License 2.0
468 stars 190 forks source link

CVE-2016-1000027 Spring Framework RCE #1252

Open bdfkockmeyer opened 2 years ago

bdfkockmeyer commented 2 years ago

Scanning our Docker image file, we have found a vulnerability in the spring framework which is rated as critical.

More information about this CVE:

Could you please investigate and address this issue?

superkartoffel commented 2 years ago

Since Hawkbit does not use any HttpInvoker, I assume that it is not affected by this CVE.