Spring4Shell: Detect and Mitigate

Mend is offering free tools to detect and mitigate the Spring4Shell vulnerability in both direct and transitive dependencies.


What You Need to Know About Spring4Shell

CVE-2022-22965, a zero-day RCE vulnerability published on March 31st, 2022, has triggered widespread concern that we are facing a second Log4j.

Here’s why: Spring4Shell is a critical vulnerability in Spring, one of the most popular open-source frameworks for Java applications in use today. Fast action on detection and remediation is vital. We can help.


Automate your dependency updates

Keeping dependencies up-to-date enables you to remediate vulnerabilities like Spring4Shell in minutes instead of days.

Mend Renovate automates dependency management. It works by detecting your dependencies, checking whether an update exists, and creating update pull requests for you, with all the information you need to make your update decision easy.

This is the tool for those of you using GitHub.


Download our free detection tool

Mend Spring4Shell Detect is a free command-line interface tool that quickly scans projects to find vulnerabilities associated with two different CVEs:

  • CVE-2022-22965 (a.k.a. Spring4Shell), associated with “Spring Framework” versions 5.3.0 to 5.3.17 and 5.2.0 to 5.2.19
  • CVE-2022-22963, associated with “Spring Cloud Function” versions 3.1.6 and 3.2.2

It provides the exact path to direct and indirect dependencies, along with the fixed version for speedy remediation.
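The version ranges listed above are enough to build a basic check of your own. The script below is an added example, not Mend's detection tool: it parses `mvn dependency:tree` output (a constructed sample is embedded), compares each `org.springframework` and `spring-cloud-function*` artifact against the affected ranges named on this page, and reports whether the hit is a direct or transitive dependency together with the path that pulls it in. The tree format, the `.RELEASE`-suffix handling and the sample coordinates are assumptions about Maven output, not values taken from the page.

```python
import re
from typing import Dict, List, Optional, Tuple

# Affected ranges exactly as listed on the page (inclusive bounds on the first
# three numeric version components; qualifiers such as ".RELEASE" are ignored).
# Tuple layout: (CVE, groupId, artifactId prefix, lowest affected, highest affected)
AFFECTED = [
    ("CVE-2022-22965", "org.springframework", "spring-", (5, 3, 0), (5, 3, 17)),
    ("CVE-2022-22965", "org.springframework", "spring-", (5, 2, 0), (5, 2, 19)),
    ("CVE-2022-22963", "org.springframework.cloud", "spring-cloud-function", (3, 1, 6), (3, 1, 6)),
    ("CVE-2022-22963", "org.springframework.cloud", "spring-cloud-function", (3, 2, 2), (3, 2, 2)),
]

# Constructed sample of `mvn dependency:tree` output; not captured from a real build.
SAMPLE_TREE = """\
[INFO] com.example:demo:jar:1.0.0
[INFO] +- org.springframework.boot:spring-boot-starter-web:jar:2.6.5:compile
[INFO] |  +- org.springframework:spring-webmvc:jar:5.3.17:compile
[INFO] |  \\- org.springframework:spring-web:jar:5.3.17:compile
[INFO] +- org.springframework:spring-core:jar:5.3.18:compile
[INFO] +- org.springframework.cloud:spring-cloud-function-context:jar:3.2.2:compile
[INFO] \\- com.fasterxml.jackson.core:jackson-databind:jar:2.13.2:compile
"""


def version_key(version: str) -> Optional[Tuple[int, int, int]]:
    """First three numeric components, e.g. '5.2.19.RELEASE' -> (5, 2, 19).

    Returns None when fewer than three numeric components exist, so the
    caller can treat the version as unknown rather than silently passing it.
    """
    nums: List[int] = []
    for piece in version.split("."):
        if not piece.isdigit():
            break
        nums.append(int(piece))
        if len(nums) == 3:
            break
    return (nums[0], nums[1], nums[2]) if len(nums) == 3 else None


def parse_tree(text: str) -> List[Tuple[int, str, str, str]]:
    """Yield (depth, groupId, artifactId, version) per dependency line.

    Depth is derived from the tree glyphs: each nesting level is 3 characters
    ('+- ', '\\- ' or '|  '), so the project root is depth 0 and direct
    dependencies are depth 1.
    """
    deps = []
    for raw in text.splitlines():
        line = raw[len("[INFO] "):] if raw.startswith("[INFO] ") else raw
        glyphs = re.match(r"^[|+\\\- ]*", line).group(0)
        coord = line[len(glyphs):].strip()
        if not coord:
            continue
        parts = coord.split(":")
        if len(parts) < 4:
            continue
        # g:a:type:version[:scope]  or  g:a:type:classifier:version[:scope]
        version = parts[4] if len(parts) == 6 else parts[3]
        deps.append((len(glyphs) // 3, parts[0], parts[1], version))
    return deps


def scan(text: str) -> List[Dict[str, str]]:
    """Flag every artifact whose version falls inside an affected range."""
    findings: List[Dict[str, str]] = []
    path: List[str] = []  # coordinates from the root down to the current node
    for depth, group, artifact, version in parse_tree(text):
        coord = f"{group}:{artifact}:{version}"
        del path[depth:]  # unwind to this node's parent before appending
        path.append(coord)
        key = version_key(version)
        if key is None:
            continue
        for cve, g, prefix, lo, hi in AFFECTED:
            # Exact group match keeps org.springframework.boot artifacts out.
            if group == g and artifact.startswith(prefix) and lo <= key <= hi:
                findings.append({
                    "cve": cve,
                    "dependency": coord,
                    "kind": "direct" if depth == 1 else "transitive",
                    "path": " -> ".join(path[1:]),  # omit the project root
                })
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_TREE):
        print(f"{f['cve']}  {f['kind']:<10} {f['dependency']}\n    via {f['path']}")
```

Feed it real output with `mvn dependency:tree | python3 check_spring.py` after replacing `SAMPLE_TREE` with `sys.stdin.read()`. A transitive hit is fixed by upgrading the direct dependency at the head of the reported path, not the leaf; where that is not possible, pin the affected artifact to a release outside the listed range in your dependency management section.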

This is the tool for those of you not using GitHub.
