{"uuid": "6c1d9450-0a57-418c-84c5-89d71d6bce59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22963", "type": "seen", "source": "https://t.me/ARC15INFO/301", "content": "New Spring Framework RCE Vulnerability Confirmed - What to do?\n\nEarly Wednesday morning (GMT), allegations began to appear on the internet about a new remote code execution flaw that affects Spring Framework. This vulnerability, dubbed by some as \"Springshell\" in the community, is a new, previously unknown security vulnerability. It has been added to Sonatype data as SONATYPE-2022-1764 and given the designation CVE-2022-22965. Spring have acknowledged the vulnerability and released 5.3.18 and 5.2.20 to patch the issue. We recommend an immediate upgrade for all users.\n\nNOTE: A separate Spring vulnerability CVE-2022-22963 (High) disclosed a few days ago impacts Spring Cloud Function. This is a Spring Expression language SpEL vulnerability in Spring Cloud Function and is NOT related to \"Springshell\" that impacts Spring.\n\nhttps://blog.sonatype.com/new-0-day-spring-framework-vulnerability-confirmed\n\n\ud83d\udce1@cRyPtHoN_INFOSEC_FR\n\ud83d\udce1@cRyPtHoN_INFOSEC_EN\n\ud83d\udce1@cRyPtHoN_INFOSEC_DE\n\ud83d\udce1@BlackBox_Archiv", "creation_timestamp": "2024-08-29T06:23:17.000000Z"}