Confirmed remote code execution (RCE) in Spring Core, an extremely popular Java framework (CVE-2022-22965)

Posted on March 30, 2022 in Software Frameworks, Libraries, and Components

Praetorian has confirmed that a remote code execution vulnerability exists in Spring, an extremely popular Java framework. How broadly this impacts the Spring ecosystem remains unclear. The flaw has been assigned a bug alert severity of 'critical'.

Continue reading