Spring4Shell: Detect and Mitigate

Mend is offering free tools to detect and mitigate the Spring4shell vulnerability in both direct and transitive dependencies.


What You Need to Know About Spring4Shell

CVE-2022-22965, a zero-day RCE vulnerability published on March 31st, 2022, has triggered widespread concern that we are facing Log4j 2.0. 

Here’s why: Spring4Shell is a critical vulnerability in Spring, one of the most popular open-source frameworks for Java applications in use today.  Fast action on detection and remediation is vital. We can help.


Automate your dependency updates

Keeping dependencies up-to-date enables you to remediate vulnerabilities like Spring4Shell in minutes instead of days.

Mend Renovate automates dependency management. It works by detecting your dependencies, checking whether an update exists, and creating update pull requests for you, with all the information you need to make your update decision easy.

This is the tool for those of you using GitHub.


Download our free detection tool

Mend Spring4Shell Detect is a free command-line interface tool that quickly scans projects to find vulnerabilities associated with two different CVEs:

  • CVE-2022-22965 (a.k.a. Spring4Shell), associated with “Spring Framework” versions 5.3.0 to 5.3.17 and 5.2.0 to 5.2.19
  • CVE-2022-22963, associated with “Spring Cloud Function” versions 3.1.6 and 3.2.2

It provides the exact path to direct and indirect dependencies, along with the fixed version for speedy remediation.

This is the tool for those of you not using GitHub.

Get the Response to Spring4Shell Right: Best Practices for Immediate Remediation

Spring4Shell, Spring Zero-day vulnerability

Spring4Shell Zero-Day Vulnerability: Information and Remediation for CVE-2022-22965

What to Expect
and How to Prepare