logo
Home/CVEs/CVE-2022-22965/

CVE-2022-22965 - Spring Framework JDK 9+ Remote Code Execution Vulnerability

Project:VMware

Product:Spring Framework

Date Added:2022-04-04Due Date:2022-04-25

Vulnerability Name

Spring Framework JDK 9+ Remote Code Execution Vulnerability

Description

Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions.

Additional Notes

https://nvd.nist.gov/vuln/detail/CVE-2022-22965