Maven package
org.springframework.integration/spring-integration-core
pkg:maven/org.springframework.integration/spring-integration-core
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-5413 | — | >= 4.3.0, < 4.3.23 | 4.3.23 | Jul 31, 2020 | Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data con |
- CVE-2020-5413Jul 31, 2020affected >= 4.3.0, < 4.3.23fixed 4.3.23
Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data con