VULNERABILITY UPDATE: Vulnerabilities Confirmed in Spring Core and Spring Cloud


Userlevel 6
Badge

For those of you that have been following along with the Spring4Shell saga at home, yesterday, CVE-2022-22965 was assigned and published for the critical remote code execution vulnerability in Spring Framework dubbed “Spring4Shell.”

A patch was also released by Spring - so upgrade to Spring Framework 5.3.18 or 5.2.20 as soon as possible to remediate CVE-2022-22965. Additional details on the patch and workarounds for those unable to patch immediately can be found on the Spring Blog post.

Read all of the past updates about Spring4Shell on the Automox blog: https://www.automox.com/blog/spring-cloud-core-vulnerabilities


0 replies

Be the first to reply!

Reply