Computer software company Spring has confirmed the existence of the Sping4Shell remote code execution vulnerability in the Spring Framework. The vulnerability is now being tracked as CVE-2022-22965. It also has announced the release of Spring Framework 5.3.18 and 5.2.20, which contain the patch for Spring4Shell, and further updates for Spring Boot 2.6.6 and 2.5.12 that depend on Spring Framework 5.3.18.

Download the report