Spring Framework version 5.3.18-CVE-2022-22965

April 1, 2022

NAME

Spring ProjectsSpring Framework

  • Platforms Affected:
    Spring Framework

  • Risk Level:
    high

  • CVE Type:
    RCE

DESCRIPTION

CVE-2022-22965 is a remote code execution (RCE) vulnerability impacting Spring Framework versions 5.2.0 through 5.2.19 and versions 5.3.0 through 5.3.17. An exploit was observed in open source and a link to an exploit was shared in the underground. Security researchers claimed the vulnerability was actively exploited in the wild. Additionally, a scanner tool pertaining to CVE-2022-22965 which was used to detect vulnerable instances of Spring Frameworks was observed in open source.

CVSS Information:

  • CVSS 2.0 SCORE:
  • CVSS 3.0 SCORE:

  • Exploit Disclosed in the Public:
    true

  • Exploit Weaponised:
    true

  • PoC Link:
    hXXps://github[.]com/tweedge/springcore-0day-en

MITIGATION

Spring Projects addressed the vulnerability in Spring Framework versions 5.3.18 and 5.2.20.

  • Reference Link:
    https://github.com/spring-projects/spring-framework/releases/tag/v5.3.18

  • Patch Available:
    available

If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.

Digital Patreon Wordmark FieryCoralv2
Tags: , ,

You may have missed

gophish

GoPhish Login Page Detected – 159[.]89[.]100[.]187:443

April 13, 2024
gophish

GoPhish Login Page Detected – 49[.]13[.]0[.]208:443

April 13, 2024
gophish

GoPhish Login Page Detected – 136[.]144[.]165[.]159:443

April 13, 2024
gophish

GoPhish Login Page Detected – 54[.]72[.]252[.]180:3333

April 13, 2024
gophish

GoPhish Login Page Detected – 34[.]123[.]246[.]69:80

April 13, 2024