There are two critical RCE vulnerabilities in Java’s Spring Framework.

Wed, 06 Apr 2022 9:32:00 Dan

  • A new critical Remote Code Execution (RCE) vulnerability (CVE-2022-22963) was discovered in Java’s Spring Cloud Functions. Patches are available for this vulnerability and should be applied to affected systems as soon as possible.
  • A 0-day vulnerability in Spring Core that could lead to unauthenticated RCE has also been discovered. Some researchers have named it “Spring4Shell” or “SpringShell”.

There are reports of proof-of-concept code and active exploitation for both vulnerabilities.

More at https://www.cert.govt.nz/it-specialists/advisories/active-exploitation-of-rce-in-javas-spring-framework/

About the author


Dan


I'm a long-time user and enthusiast of open source software and espouse the philosophy that software code should be open (readable), so that everyone can see what happens behind the scenes while we use our electronic devices every day.