CVE-2022-22965 Spring4Shell: Spring Framework Zero-Day Security Vulnerability In 10 Minutes

Published: 28 September 2024
Channel: DevXplaining

Time for an urgent security bulletin: there's a new nasty out there that enables attackers to get remote shell execution on your servers, under specific conditions. In this 10-minute video, I'll explain what the Spring4Shell vulnerability (CVE-2022-22965) is, what the attacks look like and how they work, what the potential consequences are, and what mitigations are available right now.

Watch this NOW to get started. A lot of software is affected, and a lot of attacks are happening right at this moment. This is not - right now - as common as log4shell, but it shares many similarities.

As always, show the love by clicking those buttons, leaving comments, and sharing this video with those who should see it. Have something to add to this video? Feel free to use the comments section!

I don't share the exploits (have to Google them :) - but here are some other links mentioned:
- https://cve.mitre.org/cgi-bin/cvename...
- https://www.springcloud.io/post/2022-...
- https://spring.io/blog/2022/03/31/spr...

Note: Breaking news:
[11:59 BST] Spring Framework versions 5.3.18 and 5.2.20, which address the vulnerability, are now available. The release process for Spring Boot is in progress.