Joe Lam created an issue |
Issue Type: |
Bug |
---|---|
Affects Versions: |
2.22.0 |
Assignee: |
Unassigned |
Created: |
07/Dec/22 6:46 PM |
Priority: |
High |
Reporter: |
https://nvd.nist.gov/vuln/detail/CVE-2016-1000027 Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor’s position is that untrusted data is not an intended use case. The product’s behavior will not be changed because some users rely on deserialization of trusted data. |
Get Jira notifications on your phone! Download the Jira Cloud app for Android or iOS |
|
This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100212-sha1:e499055) |