CVE-2016-1000027
| Published Date | 2025-10-06 |
|---|---|
| Product | spring-framework |
| Severity | Critical (9.8) |
| Component | spring-web |
| Affected Versions | <=5.3.41 |
| Patched Versions | 5.3.42-OL |
CVE Details
NVD Listing: NVD - CVE-2016-1000027
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or may not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.