Spring4Shell is a a zero-dat vulnerability in the Spring Core Java network. It's tracked as CVE-2022-22965. Impacted users must upgrade to the latest versions of Spring immediately.
Spring4Shell
Key takeaways
- When exploited, Spring4Shell could facilitate Remote Code Injection (RCE)
- The current known exploit only occurs on Tomcat servers, but its limitation to this environment isn't yet conclusive.
- Impacted users must upgrade to the latest versions of Spring immediately.
Reviewed by
No items found.
![UpGuard customer support team](https://cdn.prod.website-files.com/5efbe6918a9cfd65bb1608f9/60507100244040a33e906e5c_avatar-02.jpg)
![UpGuard customer support team](https://cdn.prod.website-files.com/5efbe6918a9cfd65bb1608f9/605071006bd44f2563595a62_avatar-01.jpg)
![UpGuard customer support team](https://cdn.prod.website-files.com/5efbe6918a9cfd65bb1608f9/60507100499c0d504686d69e_avatar-03.jpg)
See UpGuard In Action
Book a free, personalized onboarding call with one of our cybersecurity experts.
More from our blog
Learn more about the latest issues in cybersecurity.
Sign up for our newsletter
Stay up-to-date on everything UpGuard with our monthly newsletter, full of product updates, company highlights, free cybersecurity resources, and more.