Unpatched SpringShell bug threatens web app security

Security researchers have warned of a new critical remote code execution bug in a popular Java developer framework

A new critical remote code execution bug, dubbed “SpringShell” by some in the community, has been identified by security researchers.

The vulnerability impacts the spring-core artifact, part of a popular framework used extensively in Java applications, specifically when running on JDK9 or newer.

Sonatype explained, “the vulnerability affects anyone using spring-core, a core part of the Spring Framework, to perform logging, and anyone using software built on Spring, which is a large population of enterprise Java software.”

“It stems from a previously exploited issue (CVE-2010-1622) in Spring that was patched in the past, but became vulnerable again when used with JDK9,” it continued. Read more: https://bit.ly/3wUtxCl
