[Geoserver-devel] [JIRA] (GEOS-10441) 'SpringShell' vulnerability (CVE-2022-22965)

Riccardo Sirchia created an issue

GeoServer / Bug GEOS-10441

‘SpringShell’ vulnerability (CVE-2022-22965)

Issue Type: Bug

Assignee: Unassigned

Created: 01/Apr/22 11:17 AM

Priority: Medium

Reporter: Riccardo Sirchia

A new vulnerability has been identified in Spring-Framework; the exploit allows for Remote Code Execution.

Spring-Framework versions 5.3.17, 5.2.19 and older are vulnerable.

Information on the internet is currently being updated. Some background information:

https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement

https://blog.sonatype.com/new-0-day-spring-framework-vulnerability-confirmed

Proposed mitigation: Update to 5.3.18 (or optionally 5.2.20) or higher.



This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100197-sha1:666e164)
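
A version check over jar file names that applies the thresholds stated in the issue above (5.3.17, 5.2.19 and older vulnerable; fixed in 5.3.18 and 5.2.20). This is an added example, not code from the GeoServer project or the reporter; the module list, the `WEB-INF/lib` layout and the sample file names are assumptions.

```python
import re
import sys
from pathlib import Path

# Spring Framework modules only (assumed list). spring-security-* and similar
# jars belong to separate projects with their own version numbers and must not
# be compared against these thresholds.
FRAMEWORK_MODULES = {
    "spring-aop", "spring-aspects", "spring-beans", "spring-context",
    "spring-context-support", "spring-core", "spring-expression",
    "spring-jdbc", "spring-jms", "spring-messaging", "spring-orm",
    "spring-oxm", "spring-tx", "spring-web", "spring-webflux",
    "spring-webmvc", "spring-websocket",
}
# 5.2.x jars carry a ".RELEASE" suffix, 5.3.x jars do not; accept both forms.
JAR_RE = re.compile(r"^(spring-[a-z-]+)-(\d+)\.(\d+)\.(\d+)(?:\.[A-Za-z0-9]+)?\.jar$")

def is_vulnerable(version):
    """Thresholds from the issue: 5.3.17, 5.2.19 and older are vulnerable."""
    if version >= (5, 3, 18):
        return False          # 5.3.18 or higher
    if version >= (5, 3, 0):
        return True           # 5.3.0 to 5.3.17
    return version < (5, 2, 20)  # 5.2.20+ on the 5.2 line is fixed

def scan(jar_names):
    """Return sorted (jar_name, 'x.y.z') pairs for vulnerable Spring Framework jars."""
    hits = []
    for name in jar_names:
        m = JAR_RE.match(name)
        if not m or m.group(1) not in FRAMEWORK_MODULES:
            continue
        version = tuple(int(p) for p in m.group(2, 3, 4))
        if is_vulnerable(version):
            hits.append((name, ".".join(map(str, version))))
    return sorted(hits)

# Constructed sample listing, not taken from a real GeoServer build.
SAMPLE = [
    "spring-beans-5.2.19.RELEASE.jar", "spring-webmvc-5.2.20.RELEASE.jar",
    "spring-core-5.3.17.jar", "spring-web-5.3.18.jar",
    "spring-security-core-5.1.13.RELEASE.jar", "gt-main-26.3.jar",
]

if __name__ == "__main__":
    # Optional argument: path to a WEB-INF/lib directory (assumed layout).
    names = [p.name for p in Path(sys.argv[1]).glob("*.jar")] if len(sys.argv) > 1 else SAMPLE
    for jar, ver in scan(names):
        print(f"VULNERABLE {jar} ({ver}): update to 5.3.18 / 5.2.20 or higher")
```

A hit means the jar version falls in the range the issue lists; it is an inventory result and says nothing about whether a given deployment is reachable through the vulnerable code path.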
