all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

New Spring Framework RCE Vulnerability Confirmed - What to do?

Add to bookmarks
March 30, 2022, 7:56 p.m. | iturunen@sonatype.com (Ilkka Turunen)

Sonatype Blog blog.sonatype.com




Last update: Monday 4 April 16:00 BST - Guidance for Sonatype customers, tweaks


Fri 1 Apr 11.00 BST - Guidance for Sonatype customers, clarified conditions of known exploits, evidence of mass scanning


Thu 31 Mar 16.56 BST - patches released, CURL and Search syntax added, CVSS and CVE added, updated artifact ID, known vulnerable methods, what to expect, mitigations


Sonatype Customers: We have published Find and Fix Spring4shell in our documentation


Early Wednesday morning (GMT), allegations began to appear on …

component vulnerabilities devzone featured framework rce spring spring framework vulnerability

Visit resource

More from blog.sonatype.com / Sonatype Blog

DevOps pioneers navigate organizational transformation 6 days, 6 hours ago | blog.sonatype.com
depth devops devops transformation download +13
Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens' 1 week, 1 day ago | blog.sonatype.com
cases dependency dependency confusion flood +19
The essential duo of SCA and SBOM management 1 week, 5 days ago | blog.sonatype.com
application application security attacks duo +16
Automating and maintaining SBOMs 2 weeks, 5 days ago | blog.sonatype.com
artifact automation bill components +11
CVE-2024-3094 The targeted backdoor supply chain attack against XZ and liblzma 3 weeks, 2 days ago | blog.sonatype.com
attack attacks backdoor bank +26
CVE-2024-3094 The targeted backdoor supply chain attack against XZ and libzma 3 weeks, 2 days ago | blog.sonatype.com
attack attacks backdoor bank +26
SBOM, VDR, and Maven: Transforming the Apache Logging experience to a common pattern 3 weeks, 5 days ago | blog.sonatype.com
apache cyclonedx devzone experience +14
Cyber readiness and SBOMs 4 weeks, 1 day ago | blog.sonatype.com
academic academic research advanced bills +22
Open source ML/AI models: attackers' next target 1 month ago | blog.sonatype.com
ai models apps art attackers +14

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

EY GDS Internship Program - SAP, Cyber, IT Consultant or Finance Talents with German language

@ EY | Wrocław, DS, PL, 50-086
View on infosec-jobs.com

Security Architect - 100% Remote (REF1604S)

@ Citizant | Chantilly, VA, United States
View on infosec-jobs.com

Network Security Engineer - Firewall admin (f/m/d)

@ Deutsche Börse | Prague, CZ
View on infosec-jobs.com

Junior Cyber Solutions Consultant

@ Dionach | Glasgow, Scotland, United Kingdom
View on infosec-jobs.com

Senior Software Engineer (Cryptography), Bitkey

@ Block | New York City, United States
View on infosec-jobs.com
View more jobs