Vendors Assessing Impact of Spring4Shell Vulnerability


The developers of Spring, which is owned by VMware and said to be the world’s most popular Java application development framework, announced patches for three vulnerabilities last week.

One of them, tracked as CVE-2022-22965 and known as Spring4Shell and SpringShell, has been described as a critical remote code execution vulnerability in Spring Framework that can be exploited without authentication.

Another critical flaw is CVE-2022-22963, which affects Spring Cloud Function and also allows remote code execution. The third security hole is CVE-2022-22950, a medium-severity DoS vulnerability.