CVE-2016-1000027
CVSS v3.1
9.8 (Critical)
CVSS v2.0
7.5 (High)
EPSS
2.44 % (90th)
Affected Products
1
Advisories
1
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.
- CVE Status
- PUBLISHED
- CNA
- MITRE
- Published Date
-
2020-01-02 23:15:11
(4 years ago) - Updated Date
-
2023-04-20 09:15:07
(17 months ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...