{"uuid": "220fadef-4f28-4abc-8ff8-df12ceeb3433", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22963", "type": "seen", "source": "https://t.me/ARC15INFO/331", "content": "Spring4Shell (CVE-2022-22965): details and mitigations.\n\nLast week researchers found the critical vulnerability CVE-2022-22965 in Spring \u2013 the open source Java framework. Using the vulnerability, an attacker can execute arbitrary code on a remote web server, which makes CVE-2022-22965 a critical threat, given the Spring framework\u2019s popularity. By analogy with the infamous Log4Shell threat, the vulnerability was named Spring4Shell.\n\nCVE-2022-22965 and CVE-2022-22963: technical details\n\nCVE-2022-22965 (Spring4Shell, SpringShell) is a vulnerability in the Spring Framework that uses data binding functionality to bind data stored within an HTTP request to certain objects used by an application. The bug exists in the getCachedIntrospectionResults method, which can be used to gain unauthorized access to such objects by passing their class names via an HTTP request.\n\nhttps://securelist.com/spring4shell-cve-2022-22965/106239/\n\n\ud83d\udce1@cRyPtHoN_INFOSEC_FR\n\ud83d\udce1@cRyPtHoN_INFOSEC_EN\n\ud83d\udce1@cRyPtHoN_INFOSEC_DE\n\ud83d\udce1@BlackBox_Archiv", "creation_timestamp": "2024-08-29T06:23:17.000000Z"}