Veracode Vulnerability DatabaseVERACODE:25945Remote Code Execution (RCE)
EPSS
Percentile
72.0%
Spring Integration Core is vulnerable to remote code execution (RCE). It accepts all unregistered classes on demand when Kryo is configured using default options, allowing a malicious class to be deserialized.
References
github.com/advisories/GHSA-86qr-9vqc-pgc6
github.com/spring-projects/spring-integration/compare/35ea2688cbdf2f1bc0af39a477c6c4986025e572...004527971bf42a295970f3a7cc2a4f33293302a6
github.com/spring-projects/spring-integration/compare/76bf66fa2c3e0fcf4f0e980b2ea9de2aac61775d...dd9977174fd772a8d51c2deb8144a3a107a3ce63
github.com/spring-projects/spring-integration/compare/c95e6dcc3b4c03570cb7d3065c8cecadd879a48a...99675f8693d08b27bcdc04a98281bd5c375005bb
github.com/spring-projects/spring-integration/compare/f095f94c7444d2fe9c701cda34fa3af47be85c5e...081b145843ace1b7c4444c4671b7ba472082c49e
github.com/spring-projects/spring-integration/releases
spring.io/blog/2020/07/22/spring-integration-4-3-23-5-1-12-5-2-8-5-3-2-avaialble-cve-2020-5413
tanzu.vmware.com/security/cve-2020-5413
www.oracle.com//security-alerts/cpujul2021.html
www.oracle.com/security-alerts/cpuApr2021.html
www.oracle.com/security-alerts/cpuapr2022.html
www.oracle.com/security-alerts/cpuoct2021.html
Related
