"-Synchronized-Data."

CVE Team 2022-02-20 17:01:10 +00:00
parent ef58bc5711
commit c24d66282d
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Pivotal Spring Framework 4.1.4 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required."
"value": "Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data."
}
]
},
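Review bot: The description on the `value` line still reads "this issue may or not occur", which should be `may or may not occur`; the phrase is in both printed versions of the line, so the rewrite carried it over. The longer text (presumably the new side, since the +/- markers are lost on this page) widens the affected range from 4.1.4 to "through 5.3.16". The structured affected-version fields lie outside this hunk, so it is worth confirming they were widened as well, because tooling that matches on those fields rather than on the prose would otherwise keep flagging only 4.1.4. The appended NOTE states that the behavior will not be changed, so readers of the record should take the mitigation to be on the integrator's side (not deserializing untrusted data) rather than a library upgrade.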
@ -71,6 +71,16 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000027",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000027"
},
{
"refsource": "MISC",
"name": "https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-579669626",
"url": "https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-579669626"
},
{
"refsource": "MISC",
"name": "https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-582313417",
"url": "https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-582313417"
}
]
}