Launchpad.net

CVE 2016-1000027

Pivotal Spring Framework 4.1.4 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required.

See the CVE page on Mitre.org for more details.