Spring4Shell is a critical vulnerability in the Spring Framework, an open source platform for Java-based application development. The reason that it is so important is because more than 60% of developers use this Spring Framework to build their Java applications thus leaving them potentially affected.
The Spring Framework is popular among developers because it enables them to more easily write and maintain modular applications. It also enables them to map user requests to Java objects. Other resources of the Spring Framework enable developers to become less dependent on enterprise web servers and, therefore, reduce configuration complexity and cost.
The Spring4Shell vulnerability was published on March 30:
- Spring Core RCE (critical): CVE-2022-22965 a.k.a. Spring4Shell or SpringShell
Affected library: org.springframework:spring-bean