VYPR

Spring Flex

by Spring Projects

CVEs (1)

  • CVE-2017-3203HigJun 11, 2018
    risk 0.53cvss 8.1epss 0.06

    The Java implementations of AMF3 deserializers in Pivotal/Spring Spring-flex derive class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an RMI…