VYPR

Maven package

org.springframework.flex/spring-flex

pkg:maven/org.springframework.flex/spring-flex

Vulnerabilities (1)

  • CVE-2017-3203HigJun 11, 2018
    affected <= 1.5.2.RELEASE

    The Java implementations of AMF3 deserializers in Pivotal/Spring Spring-flex derive class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an RMI server