Spring Framework version 5.3.18-CVE-2022-22965

April 1, 2022

NAME

Spring ProjectsSpring Framework

  • Platforms Affected:
    Spring Framework

  • Risk Level:
    high

  • CVE Type:
    RCE

DESCRIPTION

CVE-2022-22965 is a remote code execution (RCE) vulnerability impacting Spring Framework versions 5.2.0 through 5.2.19 and versions 5.3.0 through 5.3.17. An exploit was observed in open source and a link to an exploit was shared in the underground. Security researchers claimed the vulnerability was actively exploited in the wild. Additionally, a scanner tool pertaining to CVE-2022-22965 which was used to detect vulnerable instances of Spring Frameworks was observed in open source.

CVSS Information:

  • CVSS 2.0 SCORE:
  • CVSS 3.0 SCORE:

  • Exploit Disclosed in the Public:
    true

  • Exploit Weaponised:
    true

  • PoC Link:
    hXXps://github[.]com/tweedge/springcore-0day-en

MITIGATION

Spring Projects addressed the vulnerability in Spring Framework versions 5.3.18 and 5.2.20.

  • Reference Link:
    https://github.com/spring-projects/spring-framework/releases/tag/v5.3.18

  • Patch Available:
    available

If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.

Digital Patreon Wordmark FieryCoralv2

You may have missed

image 1

CVE Alert: CVE-2024-45885

November 5, 2024
image 1

CVE Alert: CVE-2024-51681

November 5, 2024
image 1

CVE Alert: CVE-2024-45887

November 5, 2024
image 1

CVE Alert: CVE-2024-45888

November 5, 2024
image 1

CVE Alert: CVE-2024-51682

November 5, 2024