CVE-2022-22965 and CVE-2022-22963 vulnerabilities

Two distinct spring project vulnerabilities where released recently with critical CVSS score and classified as zero-Day attacks.

The two vulnerabilities are currently known as :
CVE-2022-22965 or Spring4Shell:
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is …

cve cve-2022-22963 cve-2022-22965 vulnerabilities