View Issue Details

IDProjectCategoryView StatusLast Update
0006039SymmetricDSBugpublic2023-10-25 17:09
Reporteredahern Assigned To 
Status closedResolutionfixed 
Product Version3.14.6 
Target Version3.15.0Fixed in Version3.15.0 
Summary0006039: CVE-2016-1000027 - /opt/symmetric-server/web/WEB-INF/lib/spring-web-5.3.27.jar
DescriptionA critical issue was found with symmetricDS and its use of spring-web 5.3.27. See details below.

cve: CVE-2016-1000027
severity: critical
packageName: spring-web
packageType: jar
packageVersion: 5.3.27
fixedVersion: 6.0.0
platforms: amd64
link: ,
packagePath : /opt/symmetric-server/web/WEB-INF/lib/spring-web-5.3.27.jar
baseLayerVulnerability: False
tags: nvd-status(modified)

Steps To ReproduceScan image using AquaScan or twistlock.
Additional Information ,



2023-10-25 17:08

developer   ~0002392

SymmetricDS 3.15.0 uses Java 17 and Spring version 6, so upgrading would get rid of this.

We are also not using the vulnerable Spring classes in 3.14, so there should be no issue using 3.14, but if you want to get it off the scanner, you can upgrade to 3.15.0.

Issue History

Date Modified Username Field Change
2023-10-20 09:05 edahern New Issue
2023-10-20 09:05 edahern Tag Attached: security
2023-10-25 17:08 cquamme Note Added: 0002392
2023-10-25 17:09 cquamme Status new => closed
2023-10-25 17:09 cquamme Resolution open => fixed
2023-10-25 17:09 cquamme Fixed in Version => 3.15.0