Remote code execution flaws in Spring and Spring Cloud frameworks put Java apps at risk

March 31, 2022

Read Time:37 Second

A remote code execution vulnerability in Spring Framework has sparked fears that it could have a widespread impact across enterprise environments. Spring is one of the most popular open-source frameworks for developing Java applications.

The flaw, which has since been dubbed SpringShell or Spring4Shell, came to light when a Chinese developer released a proof-of-concept (PoC) exploit on GitHub and then removed it, prompting widespread speculation about the unpatched flaw, its causes and potential impact. There was also some early confusion between this vulnerability and a different one patched Tuesday in Spring Cloud, a microservices library that’s different from the core Spring Framework. That vulnerability is tracked as CVE-2022-22963.

To read this article in full, please click here

China-based SMS Phishing Triad Pivots to Banks

Google Cloud: China Achieves “Cyber Superpower” Status

Google Cloud: CISOs Demand Simplified Security Tools Amid Growing Tech Complexity

Over 40% of UK Businesses Faced Cybersecurity Breaches in 2024

SpyNote Malware Targets Android Users with Fake Google Play Pages

AI-Powered AkiraBot Evades CAPTCHA to Spam 80,000 Websites

Operation Endgame Continues with Smokeloader Customer Arrests

Smashing Security podcast #412: Signalgate sucks, and the quandary of quishing

WK Kellogg Confirms Data Breach Tied to Cleo Software Exploit