Spring Framework Data Binding vulnerability

Added: 04/05/2022

Background

The Spring Framework provides a comprehensive programming and configuration model for modern Java-based enterprise applications.

Problem

Spring Framework is affected by a data binding vulnerability when running with JDK 9 or higher. The vulnerability allows remote code execution if the application runs on Tomcat as a WAR deployment.

Resolution

Upgrade to Spring Framework 5.2.20 or 5.3.18 or higher.
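To confirm which deployments still need this upgrade, the following added example (not part of the original advisory or of the Spring project) scans a WAR for the bundled `spring-beans` jar and compares its version with the fixed releases above. It assumes Maven-style jar names under `WEB-INF/lib`, including the `.RELEASE` suffix; `scan_war`, `needs_upgrade` and `build_sample_war` are hypothetical helper names, and the check looks at the version only, not at the JDK or Tomcat conditions.

```python
import io
import re
import zipfile

# Fixed releases named in the Resolution, keyed by (major, minor) release line.
FIXED = {(5, 2): (5, 2, 20), (5, 3): (5, 3, 18)}
# Assumption: Maven-style jar naming, e.g. spring-beans-5.2.19.RELEASE.jar
JAR_RE = re.compile(r"WEB-INF/lib/spring-beans-(\d+)\.(\d+)\.(\d+)[^/]*\.jar$")


def needs_upgrade(version):
    """True if a (major, minor, patch) tuple is below the fixed releases."""
    line = version[:2]
    if line in FIXED:
        return version < FIXED[line]
    # Other lines: older than 5.2.20 is below every fixed release, newer is "higher".
    return version < FIXED[(5, 2)]


def scan_war(war):
    """Return [(jar_path, version, needs_upgrade)] for a WAR path or file object."""
    findings = []
    with zipfile.ZipFile(war) as zf:
        for name in zf.namelist():
            m = JAR_RE.search(name)
            if m:
                version = tuple(int(g) for g in m.groups())
                findings.append((name, version, needs_upgrade(version)))
    return findings


def build_sample_war(jar_names):
    """Constructed sample: an in-memory WAR holding empty jars with these names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for jar in jar_names:
            zf.writestr("WEB-INF/lib/" + jar, b"")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    sample = build_sample_war(["spring-beans-5.2.19.RELEASE.jar", "spring-web-5.2.19.RELEASE.jar"])
    for path, version, flagged in scan_war(sample):
        print(path, ".".join(map(str, version)), "UPGRADE" if flagged else "ok")
```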

References

https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
