Affects: 5.3.18, 5.3.19, 5.3.20


All Spring 5 versions, including the latest 5.3.20 released on May 11th, are now flagged as vulnerable to remote code execution. The score of the vulnerability is 9.8.

https://nvd.nist.gov/vuln/detail/CVE-2016-1000027#range-7969608
https://nvd.nist.gov/vuln/detail/CVE-2016-1000027/cpes?expandCpeRanges=true

We have strict security requirements, and all our builds started failing because of this. However, the description still lists versions up to 5.3.16 as vulnerable.

Are you aware of this issue, is there any fix pending?

Thanks, Mircea Stan

Comment From: bclozel

Duplicates #24434