
Java Spring Framework vulnerabilities [CVE-2022-22963 and CVE-2022-22965]

We are aware of two remote code execution vulnerabilities affecting the Java Spring Framework.

The Spring Framework is an open source application framework for the Java platform and is mainly used for building web applications on top of the Java Enterprise Edition platform. Spring.io is a subsidiary of VMware.

CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+ (aka Spring4Shell)

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.

This vulnerability affects Spring Framework 5.3.0 to 5.3.17, 5.2.0 to 5.2.19 and older, unsupported versions.
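Because the flaw is reached through Spring MVC data binding (request parameters bound onto a command object by property path), the workaround Spring published alongside the fix was to restrict which property paths a binder will accept. The class below is an added example of that global binder hardening, not code from this page or from the Spring project's release; the package name is assumed, and it assumes the class sits in a package the application context scans. Upgrading to a patched Spring Framework release is the actual fix; this is defence in depth for the window before that upgrade.

```java
package com.example.hardening; // assumed package name for this example

import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.web.bind.WebDataBinder;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.InitBinder;

/**
 * Global data-binding restriction applied to every @Controller.
 *
 * Spring MVC walks nested property paths when it binds request parameters
 * onto a command object. These patterns refuse any path that passes through
 * a bean's "class"/"Class" property, which is the path CVE-2022-22965 abuses
 * on JDK 9+, so the binder never follows it.
 */
@ControllerAdvice
@Order(Ordered.LOWEST_PRECEDENCE)
public class BinderControllerAdvice {

    @InitBinder
    public void restrictBindableFields(WebDataBinder dataBinder) {
        // Deny list of property-path patterns; matching uses the binder's
        // simple wildcard syntax, so "*.class.*" covers nested beans as well.
        String[] denylist = {"class.*", "Class.*", "*.class.*", "*.Class.*"};
        dataBinder.setDisallowedFields(denylist);
    }
}
```

One caveat that matters in practice: a controller with its own `@InitBinder` method that calls `setDisallowedFields` replaces the global list for that controller rather than extending it, so any such local method needs the same four patterns added, or the global advice quietly stops protecting that controller.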

CVE-2022-22963: Spring Cloud Function RCE

A remote code execution vulnerability (CVE-2022-22963) was discovered in Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions.

Jason Davies

I am one of the editors here at www.systemtek.co.uk. I am a UK-based technology professional, with an interest in computer security and telecoms.
