Joe Lam (https://osgeo-org.atlassian.net/secure/ViewProfile.jspa?accountId=6390cf0ffde064eda2f27535) *created* an issue

GeoServer / Bug / GEOS-10772: Spring Core RCE Vulnerability CVE-2016-1000027 (https://osgeo-org.atlassian.net/browse/GEOS-10772?atlOrigin=eyJpIjoiZTU4NGRlZGUyNjE0NDVlZmIxNTgwYzc0ZGI3NGUyYWUiLCJwIjoiaiJ9)

Issue Type: Bug
Affects Versions: 2.22.0
Assignee: Unassigned
Created: 07/Dec/22 6:46 PM
Priority: High
Reporter: Joe Lam

https://nvd.nist.gov/vuln/detail/CVE-2016-1000027

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code 
execution (RCE) issue if used for Java deserialization of untrusted data. 
Depending on how the library is implemented within a product, this issue may or 
may not occur, and authentication may be required. NOTE: the vendor's position is 
that untrusted data is not an intended use case. The product's behavior will 
not be changed because some users rely on deserialization of trusted data.


This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100212-sha1:e499055)
_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
