Spring4Shell: New info and fixes (CVE-2022-22965)

This article has been indexed from

In this video for Help Net Security, Ax Sharma, Senior Security Researcher at Sonatype, talks about the latest developments regarding Spring4Shell, the unauthenticated RCE zero-day vulnerability in Spring Core whose existence has finally been confirmed by its developers. Spring4Shell has been catalogued as CVE-2022-22965 and fixed in Spring Framework 5.3.18 and 5.2.20, and Spring Boot (which depends on the Spring Framework) 2.5.12 and 2.6.6. “The vulnerability impacts Spring MVC and Spring WebFlux applications running on … More →

The post Spring4Shell: New info and fixes (CVE-2022-22965) appeared first on Help Net Security.