Spring4Shell: Detect and Mitigate

Mend is offering free tools to detect and mitigate the Spring4Shell vulnerability in both direct and transitive dependencies.


What You Need to Know About Spring4Shell

CVE-2022-22965, a zero-day RCE vulnerability published on March 31st, 2022, has triggered widespread concern that we are facing Log4j 2.0.

Here’s why: Spring4Shell is a critical vulnerability in Spring, one of the most popular open-source frameworks for Java applications in use today. Fast action on detection and remediation is vital. We can help.


Automate your dependency updates

Keeping dependencies up-to-date enables you to remediate vulnerabilities like Spring4Shell in minutes instead of days.

Mend Renovate automates dependency management. It works by detecting your dependencies, checking whether an update exists, and creating update pull requests for you, with all the information you need to make your update decision easy.

This is the tool for those of you using GitHub.


Download our free detection tool

Mend Spring4Shell Detect is a free command-line interface tool that quickly scans projects to find vulnerabilities associated with two different CVEs:

  • CVE-2022-22965 (a.k.a. Spring4Shell), associated with “Spring Framework” versions 5.3.0 to 5.3.17 and 5.2.0 to 5.2.19
  • CVE-2022-22963, associated with “Spring Cloud Function” versions 3.1.6 and 3.2.2

It provides the exact path to direct and indirect dependencies, along with the fixed version for speedy remediation.

This is the tool for those of you not using GitHub.
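To make concrete what a scan like this has to do, here is an added example (not Mend's tool or code) that walks a `mvn dependency:tree` listing, flags artifacts inside the version ranges listed above, and reports each hit's full dependency path (so a transitive hit can be traced to the direct dependency that pulls it in) together with the version to upgrade to. The tree is a constructed sample; the fixed versions (5.3.18, 5.2.20, 3.2.3, 3.1.7) are the upstream fix releases and are not taken from this page.

```python
import re
# Affected ranges as the page lists them (inclusive bounds), plus the fixed version:
# (cve, groupId, artifactId prefix, lowest affected, highest affected, fixed)
ADVISORIES = [
    ("CVE-2022-22965", "org.springframework", "spring-", (5, 3, 0), (5, 3, 17), "5.3.18"),
    ("CVE-2022-22965", "org.springframework", "spring-", (5, 2, 0), (5, 2, 19), "5.2.20"),
    ("CVE-2022-22963", "org.springframework.cloud", "spring-cloud-function", (3, 2, 2), (3, 2, 2), "3.2.3"),
    ("CVE-2022-22963", "org.springframework.cloud", "spring-cloud-function", (3, 1, 6), (3, 1, 6), "3.1.7"),
]

# Constructed sample of `mvn dependency:tree` output; not taken from any real project.
SAMPLE_TREE = """\
com.example:demo:jar:1.0
+- org.springframework.boot:spring-boot-starter-web:jar:2.6.5:compile
|  \\- org.springframework:spring-webmvc:jar:5.3.17:compile
|     \\- org.springframework:spring-beans:jar:5.3.17:compile
\\- org.springframework.cloud:spring-cloud-function-web:jar:3.2.2:compile
   \\- org.springframework.cloud:spring-cloud-function-context:jar:3.2.2:compile
"""

# A node line: optional "[INFO] ", 3-char indent units, then group:artifact:packaging:version[:scope]
NODE = re.compile(r"^(?:\[INFO\] )?((?:[|+\\ -]{3})*)([\w.-]+):([\w.-]+):[\w.-]+:([\w.-]+)")

def parse_version(text):
    """'5.3.17.RELEASE' -> (5, 3, 17); qualifiers are ignored for the range check."""
    return tuple(int(p) for p in re.findall(r"\d+", text)[:3])

def parse_tree(tree_text):
    """Yield (path, groupId, artifactId, version) per node; path runs from the root down."""
    stack = []
    for line in tree_text.splitlines():
        m = NODE.match(line)
        if not m: continue
        indent, group, artifact, version = m.groups()
        depth = len(indent) // 3   # root is depth 0, direct dependencies are depth 1
        del stack[depth:]          # drop the previous node's siblings and children
        stack.append(f"{group}:{artifact}:{version}")
        yield list(stack), group, artifact, version

def find_vulnerable(tree_text):
    """One finding per affected node: CVE, full path (root > direct > ... > hit),
    whether it is a direct dependency, and the version to upgrade to."""
    findings = []
    for path, group, artifact, version in parse_tree(tree_text):
        ver = parse_version(version)
        for cve, grp, prefix, low, high, fixed in ADVISORIES:
            if group == grp and artifact.startswith(prefix) and low <= ver <= high:
                findings.append({"cve": cve, "path": " > ".join(path),
                                 "direct": len(path) == 2, "fixed": fixed})
    return findings
```

Running `find_vulnerable(SAMPLE_TREE)` reports four hits: two transitive Spring Framework 5.3.17 artifacts reached through `spring-boot-starter-web`, and the direct `spring-cloud-function-web` 3.2.2 plus its transitive context module.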


Who Is Mend?

Mend effortlessly secures what developers create. Mend uniquely removes the burden of application security, allowing development teams to deliver quality, secure code, faster. With a proven track record of successfully meeting complex and large-scale application security needs, the world’s most demanding software developers rely on Mend. The company has more than 1,000 customers, including 25 percent of the Fortune 100, and manages Renovate, the open source automated dependency update project. For more information, visit www.mend.io, the Mend blog, and Mend on LinkedIn and Twitter.


Start Using Open Source Fearlessly.

Start your free trial with the industry-leading solution for open source security and compliance management.