Java vulnerabilities to look out for – Spring4Shell – UPDATE 23 April 2022

This story was first published on 31 March 2022 and updated on 5 April 2022.

Update 26 April 2022

There has been a steady increase in the number of active attacks against this and related vulnerabilities:

Hackers hammer SpringShell vulnerability in attempt to install cryptominers | Ars Technica


This is a complicated one – but the versions of Java are complicated! Here is an article by Johannes at SANS Internet Storm explaining the Spring Cloud framework issues and the versions.

Java Springtime Confusion: What Vulnerability are We Talking About – SANS Internet Storm Centre

VMware develops the Spring Framework:

Spring Releases Security Updates Addressing “Spring4Shell” and Spring Cloud Function Vulnerabilities | CISA

Microsoft has issued advice here:

SpringShell RCE vulnerability: Guidance for protecting against and detecting CVE-2022-22965 – Microsoft Security Blog

Further Reading

Spring4Shell in the wild executing the Mirai botnet – Smart Thinking Solutions