### [CVE-2016-1000027](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000027)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ACIS-Chindanai/vahom
- https://github.com/ARPSyndicate/cvemon
- https://github.com/IkerSaint/VULNAPP-vulnerable-app
- https://github.com/Live-Hack-CVE/CVE-2016-1000
- https://github.com/Live-Hack-CVE/CVE-2016-1000027
- https://github.com/NicheToolkit/rest-toolkit
- https://github.com/OSCKOREA-WORKSHOP/NEXUS-Firewall
- https://github.com/OWASP/www-project-ide-vulscanner
- https://github.com/PalindromeLabs/Java-Deserialization-CVEs
- https://github.com/artem-smotrakov/cve-2016-1000027-poc
- https://github.com/au-abd/python-stuff
- https://github.com/au-abddakkak/python-stuff
- https://github.com/brunorozendo/simple-app
- https://github.com/cezapata/appconfiguration-sample
- https://github.com/checktor/quality-assurance-parent
- https://github.com/ckatzorke/owasp-suppression
- https://github.com/fernandoreb/dependency-check-springboot
- https://github.com/glenhunter/test-sab3
- https://github.com/hepaces89/httpInvokerServiceExporterRCE
- https://github.com/junxiant/xnat-aws-monailabel
- https://github.com/pctF/vulnerable-app
- https://github.com/scordero1234/java_sec_demo-main
- https://github.com/sr-monika/sprint-rest
- https://github.com/tina94happy/Spring-Web-5xx-Mitigated-version
- https://github.com/wtaxco/wtax-build-support
- https://github.com/yangliu138/container-cicd-demo
- https://github.com/yihtserns/spring-web-without-remoting