Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8
CVE-2020-5413
- EPSS 2.18%
- Published 31.07.2020 20:15:13
- Last modified 21.11.2024 05:34:07
Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" ...
9.8
CVE-2019-3772
- EPSS 2.17%
- Published 18.01.2019 22:29:00
- Last modified 21.11.2024 04:42:29
Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
1