Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reject CVE-2016-1000027 #5949

Closed
wants to merge 1 commit into from
Closed

Reject CVE-2016-1000027 #5949

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
61 changes: 3 additions & 58 deletions 2016/1000xxx/CVE-2016-1000027.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,30 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1000027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
"STATE": "REJECT"
},
"data_format": "MITRE",
"data_type": "CVE",
Expand All @@ -34,44 +11,12 @@
"description_data": [
{
"lang": "eng",
"value": "Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
"value": " ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This candidate is a duplicate of [CVE-2011-2894]. Notes: All CVE users should reference [CVE-2011-2894] instead of this candidate. All descriptions in this candidate have been removed to prevent accidental usage. References have been kept for historical purposes."
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.tenable.com/security/research/tra-2016-20",
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2016-20"
},
{
"refsource": "MISC",
"name": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000027.json",
"url": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000027.json"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2016-1000027",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2016-1000027"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000027",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000027"
},
{
"refsource": "MISC",
"name": "https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-579669626",
Expand All @@ -84,4 +29,4 @@
}
]
}
}
}