Hello to share a new vulnerability
SpringShell attacks target about one in six vulnerable orgs (bleepingcomputer.com)
(1) New Messages! (checkpoint.com)
Spring4Shell: Detect and mitigate vulnerabilities in Java Spring | Dynatrace | Dynatrace news
What is Spring4Shell?
Spring4Shell is a critical vulnerability in the Spring Framework, an open source platform for Java-based application development. Because 60% of developers use Spring for their main Java applications, many applications are potentially affected.
Spring is popular because it enables software engineers to more easily write and test code to maintain modular applications. Other libraries enable developers to become less dependent on enterprise web servers and, therefore, reduce configuration complexity and cost.
Spring4Shell is one of three vulnerabilities published on March 30:
- Spring Core RCE (critical): CVE-2022-22965 a.k.a. Spring4Shell or SpringShell
- Information exposure in Spring Cloud Function: CVE-2022-22963
- Denial of service in Spring Expressions: CVE-2022-22950
Like Log4Shell, a vulnerability discovered in December 2021, the Spring4Shell vulnerability challenges organizations to identify and remediate application vulnerabilities in production—before malicious attackers can compromise sensitive data, such as customer or employee data.
Thanks for sharing will look in to this one. 👍
Again a very critical issue. Is there a list avaliable with affected software products? Everything I've checked so far isn't affected; like with VMware only Tanzu needs patching.