VMware Spring Integration vulnerabilities
2 known vulnerabilities affecting vmware/spring_integration.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2
Vulnerabilities
CVE-2020-5413 | CRITICAL | CVSS 9.8 | CWE-502 | ≥ 4.3.0, ≤ 4.3.22; ≥ 5.1.0, ≤ 5.1.11; +2 more | 2020-07-31
Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains malicious code for execution during deserialization. In order to
nvd
CVE-2019-3772 | CRITICAL | CVSS 9.8 | CWE-611 | ≤ 4.3.18; ≥ 5.0.0, ≤ 5.0.10; +1 more | 2019-01-18
Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
nvd