Dissecting Spring4Shell
31.mar.2022
Blueliv, an Outpost24 company
An RCE vulnerability affecting Spring Core on JDK 9 and later has become a trending topic in cybersecurity networks during the past couple of days. This discovery, compared by some to the Log4Shell vulnerability, generated a lot of confusion: it was mistaken for a different vulnerability affecting Spring Cloud, which was assigned a CVE the same day, and both were even linked to completely unrelated commits on Spring Core’s GitHub. In this blog post, we will clarify what happened and what you can do to protect yourself.