CVE
CVE-2016-1000027
| CVE ID | CVE-2016-1000027 |
|---|---|
| CVSS Score | 9.8 |
| Operating System | |
| Affected Versions | |
| Patched Versions | 5.3.42-OL |
| Patch Date | |
| Last Updated Date | |
| Vector String | |

Additional Information
NVD Listing: NVD - CVE-2016-1000027
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or may not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.