Description
Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class.
Remediation
References
http://osvdb.org/75263
http://securityreason.com/securityalert/8405
http://www.redhat.com/support/errata/RHSA-2011-1334.html
http://www.securityfocus.com/archive/1/519593/100/0/threaded
http://www.securityfocus.com/bid/49536
http://www.springsource.com/security/cve-2011-2894
https://exchange.xforce.ibmcloud.com/vulnerabilities/69687
https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894
Related Vulnerabilities
CVE-2020-28455 Vulnerability in npm package markdown-it-toc
CVE-2022-29251 Vulnerability in maven package org.xwiki.platform:xwiki-platform-flamingo-theme-ui
CVE-2019-12399 Vulnerability in maven package org.apache.kafka:kafka
CVE-2023-36472 Vulnerability in npm package @strapi/utils
CVE-2021-23346 Vulnerability in npm package html-parse-stringify2