VIVO Documentation
Old Release
This documentation relates to an old version of VIVO, version 1.12.x.
Looking for another version? See all documentation.
On March 30th, 2022, a 0-day exploit in the popular Java framework was discovered that results in Remote Code Execution (RCE) via data binding.
More about this vulnerability might be found at https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement.
The VIVO core source is not a Spring framework-based application, but there is dependency on spring-beans and spring-context in [VIVO]/api/pom.xml.