[Checkmarx][OSA] CVE-2016-1000027 - Score 9.8 - org.springframework:spring-web:5.2.4.RELEASE
miguelfreitas93 opened this issue · comments
** Library Details **
Library ID: 075AF5E7826C6B80DAFF5A032D999260CAAD653D
Library Name: org.springframework:spring-web
Library Version: 5.2.4.RELEASE
Library Source File Name:
Library Confidence Level: 100
** Library Severity Details **
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0
** CVE Details **
CVE Name: CVE-2016-1000027
CVE Score: 9.8
Severity: High
State: TO_VERIFY
CVE Publish Date: 2020-01-02T23:15:00
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2016-1000027
CVE Description: org.springframework:spring, org.springframework:remoting, org.springframework:spring-web and org.springframework:webmvc suffer from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required.
** Recommendations **
Library Newest Version: 5.2.7.RELEASE
Library Newest Version Release Date: 2020-06-09T07:25:46
Library Number of Versions Since Last Update: 3
Recommendations: Upgrade to 5.2.6.RELEASE
** Library Details **
Library ID: 075AF5E7826C6B80DAFF5A032D999260CAAD653D
Library Name: org.springframework:spring-web
Library Version: 5.2.4.RELEASE
Library Source File Name:
Library Confidence Level: 100
** Library Severity Details **
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0
** CVE Details **
CVE Name: CVE-2016-1000027
CVE Score: 9.8
Severity: High
State: TO_VERIFY
CVE Publish Date: 2020-01-02T23:15:00
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2016-1000027
CVE Description: org.springframework:spring, org.springframework:remoting, org.springframework:spring-web and org.springframework:webmvc suffer from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required.
** Recommendations **
Library Newest Version: 5.2.7.RELEASE
Library Newest Version Release Date: 2020-06-09T07:25:46
Library Number of Versions Since Last Update: 3
Recommendations: Upgrade to 5.2.6.RELEASE
Library Details
Library ID: 075AF5E7826C6B80DAFF5A032D999260CAAD653D
Library Name: org.springframework:spring-web
Library Version: 5.2.4.RELEASE
Library Source File Name:
Library Confidence Level: 100
Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0
CVE Details
CVE Name: CVE-2016-1000027
CVE Score: 9.8
Severity: High
State: TO_VERIFY
CVE Publish Date: 2020-01-02T23:15:00
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2016-1000027
CVE Description: org.springframework:spring, org.springframework:remoting, org.springframework:spring-web and org.springframework:webmvc suffer from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required.
Recommendations
Library Newest Version: 5.2.7.RELEASE
Library Newest Version Release Date: 2020-06-09T07:25:46
Library Number of Versions Since Last Update: 3
Recommendations: Upgrade to 5.2.6.RELEASE
Library Details
Library ID: 075AF5E7826C6B80DAFF5A032D999260CAAD653D
Library Name: org.springframework:spring-web
Library Version: 5.2.4.RELEASE
Library Source File Name:
Library Confidence Level: 100
Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0
CVE Details
CVE Name: CVE-2016-1000027
CVE Score: 9.8
Severity: High
State: TO_VERIFY
CVE Publish Date: 2020-01-02T23:15:00
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2016-1000027
CVE Description: org.springframework:spring, org.springframework:remoting, org.springframework:spring-web and org.springframework:webmvc suffer from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required.
Recommendations
Library Newest Version: 5.2.7.RELEASE
Library Newest Version Release Date: 2020-06-09T07:25:46
Library Number of Versions Since Last Update: 3
Recommendations: Upgrade to 5.2.6.RELEASE
Library Details
Library ID: 075AF5E7826C6B80DAFF5A032D999260CAAD653D
Library Name: org.springframework:spring-web
Library Version: 5.2.4.RELEASE
Library Source File Name:
Library Confidence Level: 100
Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0
CVE Details
CVE Name: CVE-2016-1000027
CVE Score: 9.8
Severity: High
State: TO_VERIFY
CVE Publish Date: 2020-01-02T23:15:00
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2016-1000027
CVE Description: org.springframework:spring, org.springframework:remoting, org.springframework:spring-web and org.springframework:webmvc suffer from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required.
Recommendations
Library Newest Version: 5.2.7.RELEASE
Library Newest Version Release Date: 2020-06-09T07:25:46
Library Number of Versions Since Last Update: 3
Recommendations: Upgrade to 5.2.6.RELEASE
Library Details
Library ID: 075AF5E7826C6B80DAFF5A032D999260CAAD653D
Library Name: org.springframework:spring-web
Library Version: 5.2.4.RELEASE
Library Source File Name:
Library Confidence Level: 100
Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0
CVE Details
CVE Name: CVE-2016-1000027
CVE Score: 9.8
Severity: High
State: TO_VERIFY
CVE Publish Date: 2020-01-02T23:15:00
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2016-1000027
CVE Description: org.springframework:spring, org.springframework:remoting, org.springframework:spring-web and org.springframework:webmvc suffer from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required.
Recommendations
Library Newest Version: 5.2.7.RELEASE
Library Newest Version Release Date: 2020-06-09T07:25:46
Library Number of Versions Since Last Update: 3
Recommendations: Upgrade to 5.2.6.RELEASE
Library Details
Library ID: 075AF5E7826C6B80DAFF5A032D999260CAAD653D
Library Name: org.springframework:spring-web
Library Version: 5.2.4.RELEASE
Library Source File Name:
Library Confidence Level: 100
Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0
CVE Details
CVE Name: CVE-2016-1000027
CVE Score: 9.8
Severity: High
State: TO_VERIFY
CVE Publish Date: 2020-01-02T23:15:00
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2016-1000027
CVE Description: org.springframework:spring, org.springframework:remoting, org.springframework:spring-web and org.springframework:webmvc suffer from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required.
Recommendations
Library Newest Version: 5.2.7.RELEASE
Library Newest Version Release Date: 2020-06-09T07:25:46
Library Number of Versions Since Last Update: 3
Recommendations: Upgrade to 5.2.6.RELEASE
Library Details
Library ID: 075AF5E7826C6B80DAFF5A032D999260CAAD653D
Library Name: org.springframework:spring-web
Library Version: 5.2.4.RELEASE
Library Source File Name:
Library Confidence Level: 100
Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0
CVE Details
CVE Name: CVE-2016-1000027
CVE Score: 9.8
Severity: High
State: TO_VERIFY
CVE Publish Date: 2020-01-02T23:15:00
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2016-1000027
CVE Description: org.springframework:spring, org.springframework:remoting, org.springframework:spring-web and org.springframework:webmvc suffer from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required.
Recommendations
Library Newest Version: 5.2.7.RELEASE
Library Newest Version Release Date: 2020-06-09T07:25:46
Library Number of Versions Since Last Update: 3
Recommendations: Upgrade to 5.2.6.RELEASE
Library Details
Library ID: 075AF5E7826C6B80DAFF5A032D999260CAAD653D
Library Name: org.springframework:spring-web
Library Version: 5.2.4.RELEASE
Library Source File Name:
Library Confidence Level: 100
Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0
CVE Details
CVE Name: CVE-2016-1000027
CVE Score: 9.8
Severity: High
State: TO_VERIFY
CVE Publish Date: 2020-01-02T23:15:00
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2016-1000027
CVE Description: org.springframework:spring, org.springframework:remoting, org.springframework:spring-web and org.springframework:webmvc suffer from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required.
Recommendations
Library Newest Version: 5.2.7.RELEASE
Library Newest Version Release Date: 2020-06-09T07:25:46
Library Number of Versions Since Last Update: 3
Recommendations: Upgrade to 5.2.6.RELEASE
Library Details
Library ID: 075AF5E7826C6B80DAFF5A032D999260CAAD653D
Library Name: org.springframework:spring-web
Library Version: 5.2.4.RELEASE
Library Source File Name:
Library Confidence Level: 100
Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0
CVE Details
CVE Name: CVE-2016-1000027
CVE Score: 9.8
Severity: High
State: TO_VERIFY
CVE Publish Date: 2020-01-02T23:15:00
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2016-1000027
CVE Description: org.springframework:spring, org.springframework:remoting, org.springframework:spring-web and org.springframework:webmvc suffer from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required.
Recommendations
Library Newest Version: 5.2.7.RELEASE
Library Newest Version Release Date: 2020-06-09T07:25:46
Library Number of Versions Since Last Update: 3
Recommendations: Upgrade to 5.2.6.RELEASE
Library Details
Library ID: 075AF5E7826C6B80DAFF5A032D999260CAAD653D
Library Name: org.springframework:spring-web
Library Version: 5.2.4.RELEASE
Library Source File Name:
Library Confidence Level: 100
Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0
CVE Details
CVE Name: CVE-2016-1000027
CVE Score: 9.8
Severity: High
State: TO_VERIFY
CVE Publish Date: 2020-01-02T23:15:00
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2016-1000027
CVE Description: org.springframework:spring, org.springframework:remoting, org.springframework:spring-web and org.springframework:webmvc suffer from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required.
Recommendations
Library Newest Version: 5.2.7.RELEASE
Library Newest Version Release Date: 2020-06-09T07:25:46
Library Number of Versions Since Last Update: 3
Recommendations: Upgrade to 5.2.6.RELEASE
Library Details
Library ID: 075AF5E7826C6B80DAFF5A032D999260CAAD653D
Library Name: org.springframework:spring-web
Library Version: 5.2.4.RELEASE
Library Source File Name:
Library Confidence Level: 100
Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0
CVE Details
CVE Name: CVE-2016-1000027
CVE Score: 9.8
Severity: High
State: TO_VERIFY
CVE Publish Date: 2020-01-02T23:15:00
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2016-1000027
CVE Description: org.springframework:spring, org.springframework:remoting, org.springframework:spring-web and org.springframework:webmvc suffer from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required.
Recommendations
Library Newest Version: 5.2.7.RELEASE
Library Newest Version Release Date: 2020-06-09T07:25:46
Library Number of Versions Since Last Update: 3
Recommendations: Upgrade to 5.2.6.RELEASE
Vulnerability does not exist anymore
Vulnerability does not exist anymore