all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

New Spring Framework RCE  Vulnerability Confirmed – What to do?

Add to bookmarks
March 30, 2022, 7:56 p.m. | Ilkka Turunen

Security Boulevard securityboulevard.com




Early Wednesday morning (GMT), allegations began to appear on the internet about a new remote code execution flaw that affects Spring Core. This vulnerability, dubbed by some as "Springshell"  in the community, is a new, previously unknown security vulnerability. 


Exclamation Circle icon  NOTE: A separate Spring vulnerability CVE-2021-22963 (High) disclosed a few days ago impacts Spring Cloud Function. This is a Spring Expression language SpEL vulnerability in Spring Cloud Function and is NOT related to "Springshell" that impacts Spring Core. …

component vulnerabilities devzone featured framework rce spring vulnerability

Visit resource

More from securityboulevard.com / Security Boulevard

What is Network Pen Testing? 6 hours ago | securityboulevard.com
assessment attack cyber cyber security +27
RSAC 2024 Innovation Sandbox | The Future Frontline: Harmonic Security’s Data Protection in the AI … 8 hours ago | securityboulevard.com
benchmark blog conference cybersecurity +22
How to Migrate from FedRAMP Rev 4 to FedRAMP Rev 5 10 hours ago | securityboulevard.com
can development evolution fedramp +9
NodeZero: Testing for Exploitability of Palo Alto Networks CVE-2024-3400 12 hours ago | securityboulevard.com
advisory alto april cve +18
USENIX Security ’23 – LibScan: Towards More Precise Third-Party Library Identification for Android Applications 15 hours ago | securityboulevard.com
access android applications authors +20
N.A. Developers Optimistic About Generative AI and Code Security 15 hours ago | securityboulevard.com
ai security america can cloud security +34
Defending Against ArcaneDoor: How Eclypsium Protects Network Devices 15 hours ago | securityboulevard.com
actor adaptive security arcanedoor asa +27
AI Adoption Prompts Security Advisory from NSA 15 hours ago | securityboulevard.com
adoption advisory ai ai adoption +26
AI Data Poisoning: How Misleading Data Is Evading Cybersecurity Protections 15 hours ago | securityboulevard.com
ai cybersecurity ai data ai data poisoning ai security attacks +12

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Cyber Security Cloud Solution Architect

@ Microsoft | London, London, United Kingdom
View on infosec-jobs.com

Compliance Program Analyst

@ SailPoint | United States
View on infosec-jobs.com

Software Engineer III, Infrastructure, Google Cloud Security and Privacy

@ Google | Sunnyvale, CA, USA
View on infosec-jobs.com

Cryptography Expert

@ Raiffeisen Bank Ukraine | Kyiv, Kyiv city, Ukraine
View on infosec-jobs.com

Senior Cyber Intelligence Planner (15.09)

@ OCT Consulting, LLC | Washington, District of Columbia, United States
View on infosec-jobs.com
View more jobs