Operational information regarding the Spring4Shell vulnerability in the Spring Core Framework

Operational information regarding the Spring4Shell vulnerability (CVE-2022-22965) in the Spring Core Framework.

Repository contents

  • README.md: contains general information and detection and mitigation measures.
  • software/README.md: contains a list of known vulnerable and not vulnerable software.
  • services/README.md: contains a list of known vulnerable and not vulnerable services.

NCSC-NL has published a HIGH/HIGH advisory for the Spring4Shell vulnerability. Normally we would update a HIGH/HIGH advisory for vulnerable software packages; however, due to the expected number of updates, we have created a list of known vulnerable software in the software directory.

Mitigation measures

Determine if the Spring Core Framework is used in your network. Ensure that deployments of the Spring Core Framework are running a version equal to or greater than 5.3.18 or 5.2.20. Scanning tools are available to help find
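
One way to carry out the version check described above, as an added example that is not part of the NCSC-NL repository: a Python script that walks a directory tree, looks inside JAR/WAR/EAR archives (including nested ones) and flags Spring jars below 5.3.18 or 5.2.20. It assumes Maven-style jar file names; matching `spring-beans` alongside `spring-core` and all function names are choices of this example.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

# Thresholds from the advisory text: 5.3.18 on the 5.3 line, otherwise 5.2.20.
FIXED_53 = (5, 3, 18)
FIXED_52 = (5, 2, 20)
# Assumption: Maven-style names; spring-beans carries the same framework version.
JAR_RE = re.compile(r"(?:^|/)spring-(?:core|beans)-(\d+)\.(\d+)\.(\d+)[^/]*\.jar$")
ARCHIVES = (".jar", ".war", ".ear")


def meets_threshold(version):
    """True when a (major, minor, patch) tuple is at or above the stated versions."""
    if version >= (5, 3, 0):
        return version >= FIXED_53
    return version >= FIXED_52


def check(name, label, read, out, depth=0):
    """Record a Spring jar by its name, or open an archive and check its entries."""
    m = JAR_RE.search(name)
    if m:
        v = tuple(map(int, m.groups()))
        out.append((label, v, meets_threshold(v)))
    elif name.lower().endswith(ARCHIVES) and depth < 3:  # bound the nesting depth
        try:
            zf = zipfile.ZipFile(io.BytesIO(read()))
        except zipfile.BadZipFile:
            return  # not a readable archive, skip it
        with zf:
            for entry in zf.namelist():
                check(entry, f"{label}!{entry}", lambda e=entry: zf.read(e), out, depth + 1)


def scan_tree(root):
    """Return [(location, version, ok)] for every Spring jar found under root."""
    out = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            check(path.name, str(path), path.read_bytes, out)
    return out


if __name__ == "__main__":
    for location, version, ok in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("OK    " if ok else "UPDATE", ".".join(map(str, version)), location)
```

Run it with the deployment directory as its argument; jars that were renamed or shaded into another artifact will not be found by a file-name match.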

 

 

 
