Spring4Shell and CVE-2022-22963 vulnerabilities

Two distinct spring project vulnerabilities where released recently with critical CVSS score and classified as zero-Day attacks.

The two vulnerabilities are currently known as :
Spring4Shell:
There is currently no fix available for the Spring4Shell vulnerability. However we know that it affects
products using the spring framework with a JDK 9 or above.

https://www.cyberkendra.com/2022/03/springshell-rce-0-day-vulnerability.html?fbclid=IwAR2fXxKQjG9vnJiOaXyZ1N_Ypx91TOzO6f48qGZRfKRzinYtD5nUCIptIjg&m=1


CVE-2022-22963:
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing
functionality it is possible for a user to provide a specially …

cve cve-2022-22963 spring4shell vulnerabilities