[
https://issues.apache.org/jira/browse/RANGER-4038?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Himanshu Maurya updated RANGER-4038:
------------------------------------
Description: Pivotal Spring Framework through 5.3.16 suffers from a
potential remote code execution (RCE) issue if used for Java deserialization of
untrusted data. Depending on how the library is implemented within a product,
this issue may or not occur, and authentication may be required. (was: Pivotal
Spring Framework through 5.3.16 suffers from a potential remote code execution
(RCE) issue if used for Java deserialization of untrusted data. Depending on
how the library is implemented within a product, this issue may or not occur,
and authentication may be required. NOTE: the vendor's position is that
untrusted data is not an intended use case. The product's behavior will not be
changed because some users rely on deserialization of trusted data.)
> Upgrade springframework.version (spring-core) from 5.3.23 to 6.0.0
> ------------------------------------------------------------------
>
> Key: RANGER-4038
> URL: https://issues.apache.org/jira/browse/RANGER-4038
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Reporter: Himanshu Maurya
> Assignee: Himanshu Maurya
> Priority: Major
>
> Pivotal Spring Framework through 5.3.16 suffers from a potential remote code
> execution (RCE) issue if used for Java deserialization of untrusted data.
> Depending on how the library is implemented within a product, this issue may
> or not occur, and authentication may be required.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
