Spring4Shell

Risk:
High

Type:
Active

CWE:
CWE-78

Summary: The application appears to be vulnerable to CVE-2022-22965 (otherwise known as Spring4Shell) - remote code execution (RCE) via data binding.

Solution: Upgrade Spring Framework to versions 5.3.18, 5.2.20, or newer.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-22965

https://www.rapid7.com/blog/post/2022/03/30/spring4shell-zero-day-vulnerability-in-spring-framework/

https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement#vulnerability

https://tanzu.vmware.com/security/cve-2022-22965

Free security scan for your website

Don't show website scan report rating on the leaderboard