image credit: adobe stock
Two critical vulnerabilities have been patched recently in the popular Java application development framework Spring: CVE-2022-22965 (aka Spring4Shell and SpringShell) and CVE-2022-22963.
The flaws can be used for remote code execution and they both appear to have been exploited by malicious actors, with attacks reportedly starting before patches were made available by Spring developers.
Comments are closed.
