DirectorySecurity Advisories
Sign In
Security Advisories

CGA-8r49-hfc8-c22c

Published

Last updated

https://images.chainguard.dev/security/CGA-8r49-hfc8-c22c
Package

jenkins

Latest Update
Not affected
Aliases
  • CVE-2016-1000027
  • GHSA-4wrc-f8pq-fpqp

Severity

9.8

Critical

CVSS V3

Summary

Pivotal Spring Framework contains unsafe Java deserialization methods

Description

Pivotal Spring Framework before 6.0.0 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required.

Maintainers recommend investigating alternative components or a potential mitigating control. Version 4.2.6 and 3.2.17 contain enhanced documentation advising users to take precautions against unsafe Java deserialization, version 5.3.0 deprecate the impacted classes and version 6.0.0 removed it entirely.

References

Updates


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images