Help Net Security
In this video for Help Net Security, Ax Sharma, Senior Security Researcher at Sonatype, talks about the latest developments regarding Spring4Shell, the unauthenticated RCE zero-day vulnerability in Spring Core whose existence has finally been confirmed by its developers. Spring4Shell has been catalogued as CVE-2022-22965 and fixed in Spring Framework 5.3.18 and 5.2.20, and Spring Boot (which depends on the Spring Framework) 2.5.12 and 2.6.6. “The vulnerability impacts Spring MVC and Spring WebFlux applications running on … More
The post Spring4Shell: New info and fixes (CVE-2022-22965) appeared first on Help Net Security.
Read the original article: