CVE-2016-1000027 @ Maven-org.springframework:spring-webmvc-3.2.4.RELEASE #603
Labels
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Vulnerable Package issue exists @ Maven-org.springframework:spring-webmvc-3.2.4.RELEASE in branch main
org.springframework:spring, org.springframework:remoting, org.springframework:spring-web and org.springframework:webmvc suffer from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. The vulnerable functions were deprecated in versions 5.3.x.
Namespace: cxronen
Repository: AST_BookStore
Repository Url: https://github.com/cxronen/AST_BookStore
CxAST-Project: cxronen/AST_BookStore
CxAST platform scan: 1dfa7500-ca95-4ace-923f-3cf597ff6d1c
Branch: main
Application: AST_BookStore
Severity: HIGH
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-502
Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: HIGH
Availability impact: HIGH
Remediation Upgrade Recommendation: 5.3.0
References
Advisory
Issue
Issue
Other
Commit
The text was updated successfully, but these errors were encountered: