Spring Framework version 5.3.18-CVE-2022-22965
NAME
Spring Projects – Spring Framework
- Platforms Affected: Spring Framework
- Risk Level: high
- CVE Type: RCE
DESCRIPTION
CVE-2022-22965 is a remote code execution (RCE) vulnerability impacting Spring Framework versions 5.2.0 through 5.2.19 and versions 5.3.0 through 5.3.17. An exploit was observed in open source and a link to an exploit was shared in the underground. Security researchers claimed the vulnerability was actively exploited in the wild. Additionally, a scanner tool for CVE-2022-22965, used to detect vulnerable instances of Spring Framework, was observed in open source.
CVSS Information:
- CVSS 2.0 SCORE:
- CVSS 3.0 SCORE:
- Exploit Disclosed in the Public: true
- Exploit Weaponised: true
- PoC Link: hXXps://github[.]com/tweedge/springcore-0day-en
MITIGATION
Spring Projects addressed the vulnerability in Spring Framework versions 5.3.18 and 5.2.20.
- Reference Link: https://github.com/spring-projects/spring-framework/releases/tag/v5.3.18
- Patch Available: available