VYPR

Maven package

org.springframework.integration/spring-integration-core

pkg:maven/org.springframework.integration/spring-integration-core

Vulnerabilities (1)

  • CVE-2020-5413Jul 31, 2020
    affected >= 4.3.0, < 4.3.23fixed 4.3.23

    Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data con