
Spring4Shell: Detect and mitigate new zero-day vulnerabilities in the Java Spring Framework


Link State

Hello, sharing a new vulnerability:

SpringShell attacks target about one in six vulnerable orgs (bleepingcomputer.com)

Check Point (checkpoint.com)

Spring4Shell: Detect and mitigate vulnerabilities in Java Spring (Dynatrace news)

What is Spring4Shell?

Spring4Shell is a critical vulnerability in the Spring Framework, an open source platform for Java-based application development. Because 60% of developers use Spring for their main Java applications, many applications are potentially affected.

Spring is popular because it enables software engineers to more easily write and test code to maintain modular applications. Other libraries enable developers to become less dependent on enterprise web servers and, therefore, reduce configuration complexity and cost.

Spring4Shell is one of three vulnerabilities published on March 30:

  1. Spring Core RCE (critical): CVE-2022-22965 a.k.a. Spring4Shell or SpringShell
    Affected library: org.springframework:spring-bean
  2. Information exposure in Spring Cloud Function: CVE-2022-22963
    Affected library: org.springframework.cloud:spring-cloud-function-context
  3. Denial of service in Spring Expressions: CVE-2022-22950
    Affected library: org.springframework:spring-expression

Like Log4Shell, a vulnerability discovered in December 2021, the Spring4Shell vulnerability challenges organizations to identify and remediate application vulnerabilities in production—before malicious attackers can compromise sensitive data, such as customer or employee data.
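To turn the list of affected libraries above into an actual check, here is an added example (not from this post, the Dynatrace article, or the Spring project) that scans JAR/WAR/EAR files for those three Maven artifacts by reading the pom.properties each jar ships under META-INF/maven, recurses into nested jars (WEB-INF/lib in a WAR, BOOT-INF/lib in a Spring Boot jar), and compares the version found against the fixed releases in the Spring advisories: 5.2.20/5.3.18 for spring-beans (the Spring Core artifact is published under that name), 5.2.20/5.3.17 for spring-expression, and 3.1.7/3.2.3 for spring-cloud-function-context. The fixed-version table is hard-coded and should be re-checked against the current advisories before relying on it; the sample WAR the script builds when run with no arguments is constructed test data.

```python
"""Scan JAR/WAR/EAR files for the three Spring artifacts named in the advisories.

Added example for this thread; the sample archive it builds is constructed,
and the fixed versions are hard-coded from the Spring advisories.
"""
import io
import re
import sys
import zipfile
from pathlib import Path

# (groupId, artifactId) -> (CVE, fixed release on each maintained branch, ascending)
ADVISORIES = {
    ("org.springframework", "spring-beans"):
        ("CVE-2022-22965", [(5, 2, 20), (5, 3, 18)]),
    ("org.springframework.cloud", "spring-cloud-function-context"):
        ("CVE-2022-22963", [(3, 1, 7), (3, 2, 3)]),
    ("org.springframework", "spring-expression"):
        ("CVE-2022-22950", [(5, 2, 20), (5, 3, 17)]),
}


def parse_version(text):
    """'5.2.20.RELEASE' -> (5, 2, 20); qualifiers such as .RELEASE are dropped."""
    match = re.match(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(n) for n in match.groups()) if match else None


def is_vulnerable(version, fixed):
    """True when the version is below the fix on its own branch, or sits on an
    older branch that received no fix; newer branches already contain the fix."""
    same_branch = [f for f in fixed if f[:2] == version[:2]]
    if same_branch:
        return version < same_branch[0]
    return version[:2] < max(fixed)[:2]


def maven_coordinates(archive):
    """Yield (groupId, artifactId, version) from META-INF/maven/*/*/pom.properties."""
    for name in archive.namelist():
        if not (name.startswith("META-INF/maven/") and name.endswith("/pom.properties")):
            continue
        props = {}
        for line in archive.read(name).decode("utf-8", "replace").splitlines():
            if "=" in line and not line.lstrip().startswith("#"):
                key, value = line.split("=", 1)
                props[key.strip()] = value.strip()
        if {"groupId", "artifactId", "version"} <= props.keys():
            yield props["groupId"], props["artifactId"], props["version"]


def scan_archive(data, label):
    """Return [(location, coordinates, version, CVE, status)] for affected artifacts,
    recursing into nested jars (WEB-INF/lib in a WAR, BOOT-INF/lib in a Boot jar)."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for group, artifact, version in maven_coordinates(archive):
            advisory = ADVISORIES.get((group, artifact))
            if advisory is None:
                continue
            cve, fixed = advisory
            parsed = parse_version(version)
            if parsed is None:
                status = "unknown-version"
            elif is_vulnerable(parsed, fixed):
                status = "VULNERABLE"
            else:
                status = "fixed"
            findings.append((label, f"{group}:{artifact}", version, cve, status))
        for name in archive.namelist():
            if name.endswith(".jar"):
                findings.extend(scan_archive(archive.read(name), f"{label}!{name}"))
    return findings


def scan_tree(root):
    """Scan every .jar/.war/.ear below root (e.g. a Tomcat webapps directory)."""
    findings = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix in (".jar", ".war", ".ear"):
            findings.extend(scan_archive(path.read_bytes(), str(path)))
    return findings


def make_jar(group, artifact, version):
    """Build an in-memory jar carrying only Maven metadata (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr(f"META-INF/maven/{group}/{artifact}/pom.properties",
                     f"groupId={group}\nartifactId={artifact}\nversion={version}\n")
    return buf.getvalue()


def make_sample_war():
    """Constructed WAR: vulnerable spring-beans, already-fixed spring-expression,
    vulnerable spring-cloud-function-context, and one unrelated library."""
    libs = [
        ("org.springframework", "spring-beans", "5.3.17"),
        ("org.springframework", "spring-expression", "5.3.17"),
        ("org.springframework.cloud", "spring-cloud-function-context", "3.1.6"),
        ("org.apache.commons", "commons-lang3", "3.12.0"),
    ]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        for group, artifact, version in libs:
            war.writestr(f"WEB-INF/lib/{artifact}-{version}.jar",
                         make_jar(group, artifact, version))
    return buf.getvalue()


if __name__ == "__main__":
    results = (scan_tree(sys.argv[1]) if len(sys.argv) > 1
               else scan_archive(make_sample_war(), "sample.war"))
    for location, coords, version, cve, status in results:
        print(f"{status:16} {cve}  {coords} {version}  in {location}")
```

Pass a directory (for example a Tomcat webapps folder) as the first argument to scan real deployments; with no argument it scans the constructed sample and reports spring-beans 5.3.17 and spring-cloud-function-context 3.1.6 as vulnerable and spring-expression 5.3.17 as fixed. A vulnerable spring-beans on the classpath does not by itself mean the Spring4Shell RCE is reachable: the known exploit path in the Spring advisory needs JDK 9 or later, a WAR deployed on Tomcat, and request data binding through spring-webmvc or spring-webflux. The library should still be upgraded regardless, since those preconditions describe the published exploit, not the limits of the bug.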


2 comments

Chris.Childerhose
  • Veeam Legend, Veeam Vanguard
  • 8524 comments
  • April 12, 2022

Thanks for sharing, will look into this one. 👍


regnor
  • Veeam MVP
  • 1354 comments
  • April 14, 2022

Again a very critical issue. Is there a list available with affected software products? Everything I've checked so far isn't affected; like with VMware, where only Tanzu needs patching.

