Spring Hell: CVE-2022-22965 (Spring4Shell)
On March 29, 2022, a remote code execution (RCE) in Spring Cloud Function was disclosed by Spring, a VMWare subsidiary. The vulnerability, tracked as CVE-2022-22963, was fixed at disclosure with the release of Spring Cloud Function 3.1.7 and 3.2.3. The disclosure came closely after another remote code execution vulnerability (CVE-2022-22947) in Spring Cloud Gateway that was patched earlier in March in versions 3.1.1 and 3.0.7 and higher of Spring Cloud Gateway.
April 1, 2022 02:54 PM
Threat Alert