2682 matches found

CISA
added 2022/04/11 12:0 a.m. | 14 views

CISA Adds Eight Known Exploited Vulnerabilities to Catalog

CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly...

AI score 1.7
Exploits 0 | References 5
Tenable Nessus
added 2022/04/06 12:0 a.m. | 316 views

Spring Framework Spring4Shell (CVE-2022-22965)

Binary data spring4shell.nbin...

CVSS 9.8 | AI score 8.9 | EPSS 0.99677
Exploits 100 | References 3
OpenVAS
added 2022/04/06 12:0 a.m. | 29 views

VMware Spring Boot RCE Vulnerability (Spring4Shell, SpringShell)

VMware Spring Boot is prone to a remote code execution (RCE) vulnerability in the used Spring Framework dubbed...

CVSS 9.8 | AI score 8.9 | EPSS 0.99677
Exploits 100 | References 18
Saint
added 2022/04/05 12:0 a.m. | 215 views

Spring Framework Data Binding vulnerability

Added: 04/05/2022. Background: The Spring Framework provides a comprehensive programming and configuration model for modern Java-based enterprise applications. Problem: Spring Framework is affected by a data binding vulnerability when running with JDK 9 or higher. The vulnerability allows remote cod...

AI score 8.2
Exploits 0
Vulnrichment
added 2022/04/05 12:0 a.m. | 3 views

CVE-2022-24795 Buffer Overflow and Integer Overflow in yajl-ruby

yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when dealing with large 2GB inputs. The reallocation logic at yajlbuf.cL64 may result in the need 32bit...

CVSS 5.9 | AI score 8.2 | EPSS 0.0342
Exploits 1 | References 7
Cloud Foundry
added 2022/04/05 12:0 a.m. | 81 views

CVE-2022-22965: UAA affected by Spring Framework RCE via Data Binding on JDK 9+ | Cloud Foundry

Severity: Critical. Vendor: Cloud Foundry Foundation. Description: In Cloud Foundry UAA, a remote code execution vulnerability is present due to an issue in the Spring Framework identified by CVE-2022-22965. A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code...

CVSS 9.8 | AI score 8.8 | EPSS 0.99677
Exploits 100
Saint
added 2022/04/05 12:0 a.m. | 84 views

Spring Framework Data Binding vulnerability

Added: 04/05/2022. Background: The Spring Framework provides a comprehensive programming and configuration model for modern Java-based enterprise applications. Problem: Spring Framework is affected by a data binding vulnerability when running with JDK 9 or higher. The vulnerability allows remote cod...

AI score 8.2
Exploits 0
VulnCheck KEV
added 2022/04/04 12:0 a.m. | 8 views

VulnCheck KEV: CVE-2022-22965

Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding...

CVSS 9.8 | AI score 7.5 | EPSS 0.99677
Exploits 100 | References 1
CISA KEV Catalog
added 2022/04/04 12:0 a.m. | 38 views

Spring Framework JDK 9+ Remote Code Execution Vulnerability

Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding...

CVSS 9.8 | AI score 3.8 | EPSS 0.99677
In wild | Exploits 100
Broadcom
added 2022/04/04 12:0 a.m. | 10 views

BSA-2022-1769

Security Advisory ID: BSA-2022-1769. Component: Spring Framework RCE. Revision: 1.0. Brocade PSIRT has become aware of an RCE vulnerability in the Spring Framework. A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. More...

CVSS 9.8 | AI score 8 | EPSS 0.99677
Exploits 100
Information Security Automation
added 2022/04/03 12:15 a.m. | 313 views

Spring4Shell, Spring Cloud Function RCE and Spring Cloud Gateway Code Injection

Hello everyone! This episode will be about last week's high-profile vulnerabilities in Spring. Let's figure out what happened. Alternative video link for Russia: Of course, it's amazing how fragmented the software development world has become. Now there are so many technologies, programming language...

CVSS 7.5 | AI score 9.7 | EPSS 0.99939
Exploits 186
SonicWall
added 2022/04/02 6:13 p.m. | 15 views

Spring Remote Code Execution: CVE-2022-22963 and CVE-2022-22965

SonicWall PSIRT is tracking two critical vulnerabilities impacting the Spring Framework. This advisory is intended to address both. 1. CVE-2022-22963: Remote code execution in Spring Cloud Function by malicious Spring Expression. In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported...

CVSS 9.8 | AI score 10 | EPSS 0.99939
Exploits 131
CNVD
added 2022/04/02 12:0 a.m. | 7 views

VMware Spring Framework Code Injection Vulnerability

VMware Spring Framework is an open source Java, JavaEE application framework from VMware, Inc. A code injection vulnerability exists in VMware Spring Framework, which stems from the RCE for data binding on JDK 9. No details of the vulnerability are currently available...

AI score 2.5
Exploits 0 | Affected Software 2
Cisco
added 2022/04/01 11:45 p.m. | 141 views

Vulnerability in Spring Framework Affecting Cisco Products: March 2022

On March 31, 2022, the following critical vulnerability in the Spring Framework affecting Spring MVC and Spring WebFlux applications running on JDK 9+ was released: CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+. For a description of this vulnerability, see VMware Spring Framework...

CVSS 9.8 | AI score 8.4 | EPSS 0.99677
Exploits 100 | References 1
OSV
added 2022/04/01 11:15 p.m. | 39 views

CVE-2022-22965

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is...

CVSS 9.8 | AI score 10 | EPSS 0.99677
Exploits 100 | References 10
OSV
added 2022/04/01 11:15 p.m. | 1 views

UBUNTU-CVE-2022-22965

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is...

CVSS 9.8 | AI score 7.3 | EPSS 0.99677
Exploits 100 | References 8
Vulnrichment
added 2022/04/01 10:17 p.m. | 18 views

CVE-2022-22965

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is...

AI score 10 | EPSS 0.99677
Exploits 100 | References 8
Cvelist
added 2022/04/01 10:17 p.m. | 113 views

CVE-2022-22965

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is...

AI score 8.7 | EPSS 0.99677
Exploits 100 | References 8
CVE
added 2022/04/01 10:17 p.m. | 2468 views

CVE-2022-22965

CVE-2022-22965 (Spring4Shell) affects Spring Framework’s Spring MVC and Spring WebFlux when data binding is enabled in apps running on JDK 9+, with exploitation requiring Tomcat as WAR deployment. The issue is not exploited in Spring Boot executable jars. Vulnerable configurations are associated ...

CVSS 9.8 | AI score 8.7 | EPSS 0.99677
In wild | Exploits 100 | References 10 | Affected Software 1
GithubExploit
added 2022/04/01 1:35 p.m. | 277 views

Exploit for Code Injection in Vmware Spring_Framework

Spring4Shell CVE-2022-22965 Spring Framework RCE via Data Bi...

CVSS 9.8 | AI score 9 | EPSS 0.99677
Exploits 100