Pivotal Spring Framework (spring, spring-remoting, spring-web, spring-webmvc) before 6.0.0 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or may not occur, and authentication may be required.
CRITICAL Vulnerable Package issue exists @ org.springframework:spring-webmvc in branch master
Description
Vulnerability ID: CVE-2016-1000027
Package Name: org.springframework:spring-webmvc
Severity: CRITICAL
CVSS Score: 9.8
Publish Date: 2020-01-02T23:15:00
Current Package Version: 5.3.13
Remediation Upgrade Recommendation: 6.0.7
Reference – NVD link