Spring4Shell

Risk:
High

Type:
Active

CWE:
CWE-78

Summary: The application appears to be vulnerable to CVE-2022-22965 (otherwise known as Spring4Shell) - remote code execution (RCE) via data binding.

Solution: Upgrade Spring Framework to versions 5.3.18, 5.2.20, or newer.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-22965

https://www.rapid7.com/blog/post/2022/03/30/spring4shell-zero-day-vulnerability-in-spring-framework/

https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement#vulnerability

https://tanzu.vmware.com/security/cve-2022-22965

Latest Security News

Top CVE List

Common Security Alerts

HighXML External Entity Attack
MediumSession ID in URL Rewrite
MediumSpring Actuator Information Leak
HighHeartbleed OpenSSL Vulnerability (Indicative)
MediumDirectory Browsing
InformationalCookie Slack Detector
MediumAbsence of Anti-CSRF Tokens
HighCORS Misconfiguration
MediumBuffer Overflow
HighRemote Code Execution - CVE-2012-1823

Top CWE List

Free online web security scanner

Don't show website scan report rating on the leaderboard