Spring4Shell: New info and fixes (CVE-2022-22965)

In this video for Help Net Security, Ax Sharma, Senior Security Researcher at Sonatype, talks about the latest developments regarding Spring4Shell, the unauthenticated RCE zero-day vulnerability in Spring Core whose existence has finally been confirmed by its developers. Spring4Shell has been catalogued as CVE-2022-22965 and fixed in Spring Framework 5.3.18 and 5.2.20, and Spring Boot (which depends on the Spring Framework) 2.5.12 and 2.6.6. “The vulnerability impacts Spring MVC and Spring WebFlux applications running on … More →

The post …

custom applications cve cve-2022-22965 don't miss enterprise exploit fixes hot stuff software development sonatype spring4shell video vulnerability