9.8
CVSS CVSS_V3
Status
Justification
Impact
This CVE is disputed by upstream Spring Framework developers: https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-582313417. The Spring Framework provides an option to invoke ObjectInputStream (along with documented warnings). The presence of this capability in the Spring Framework doesn't represent a vulnerability.
Status
Impact
Remediating this CVE will require upgrading from Spring v5 to Spring v6, which is a major version increment with high risk. Awaiting upstream migration from Spring 5.3.x to 6.x.
Status
Status
Fixed version
1.26.0-r2
Status
Impact
Remediating this CVE will require upgrading from Spring v5 to Spring v6, which is a major version increment with high risk. Awaiting upstream migration from Spring 5.3.x to 6.x.
Status