3 matches found
GHSA-CRQF-Q9FP-HWJW Spring-Kafka has Java Deserialization vulnerability When Improperly Configured
In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. An attacker would have to construct a malicious serialized object in one of the deserialization exception record headers...
Spring Framework Code Issue Vulnerability
Spring Framework is a set of open source Java and Java EE application frameworks from the U.S. Spring team. The framework helps developers build high-quality applications. Spring Framework contains a deserialization vulnerability that allows the...
PT-2023-4776 · Spring · Spring For Apache Kafka
Name of the Vulnerable Software and Affected Versions: Spring for Apache Kafka versions 3.0.9 and earlier; Spring for Apache Kafka versions 2.9.10 and earlier. Description: The issue is related to a deserialization attack vector in Spring for Apache Kafka. An attacker would have to construct a...