Abuse Report

You have a complaint about the posting below:

31-03-2022, 13:31 by Lizard

In the meantime there is also an official response from Spring itself: https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement

Newer versions of Spring have been released:

- [11:59 BST] Spring Framework versions 5.3.18 and 5.2.20, which address the vulnerability, are now available on Maven Central. The release process for Spring Boot is in progress, but applications can already upgrade their Spring Framework version independently in order to be protected.

The attack vector also seems to be not too bad for now:

The vulnerability impacts Spring MVC and Spring WebFlux applications running on JDK 9+. The specific exploit requires the application to be packaged as a WAR and deployed to Apache Tomcat. This does mean the exploit does not work for Spring Boot with embedded Tomcat. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
