Spring4Shell RCE (CVE-2022-22965), spring-expression DoS (CVE-2022-22950)

Description

Update Spring from 5.3.16 to >= 5.3.18.

This fixes

  • CVE-2022-22950 (medium-severe) - Denial of Service (DoS) in Spring Expression (SpEL)

  • CVE-2022-22965 (critical) - "Spring4Shell" or Remote Code Execution (RCE) in Spring Core = FOLIO-3466

Environment

None

Potential Workaround

None

Done

Development Team

Spitfire

Created April 5, 2022 at 5:32 PM
Updated April 12, 2022 at 9:25 AM
Resolved April 12, 2022 at 9:25 AM