Spring Core Remote Code Execution via Data Binding on JDK 9+
A remote code execution RCE vulnerability was discovered in the Spring framework, affecting at least Spring versions 4.x and 5.x. A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution RCE via data binding. The specific exploit requires the...