A new critical remote code execution bug, dubbed “SpringShell” by some in the community, has been identified by security researchers.
The vulnerability impacts the spring-core artifact of the Spring Framework, which is used extensively in Java applications, and specifically applications running on JDK 9 or newer.
Sonatype explained, “the vulnerability affects anyone using spring-core, a core part of the Spring Framework, to perform logging, and anyone using software built on Spring, which is a large population of enterprise Java software.”
“It stems from a previously exploited issue (CVE-2010-1622) in Spring that was patched in the past, but became vulnerable again when used with JDK9,” it continued.
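The two exposure conditions the article names, spring-core on the classpath and a JDK 9 or newer runtime, can be checked offline from build output. The script below is an added example, not code from the article or from the Spring project. It assumes two inputs: the output of `mvn dependency:list` (lines shaped `group:artifact:type:version:scope`) and the JVM's `java.version` property; the dependency listing embedded in it is constructed. Because the article names no fixed version, every spring-core version is flagged; the one caveat handled is the change in Java version numbering at 9 (`1.8.0_312` versus `17.0.2`), which a naive string comparison gets wrong.

```python
"""Exposure triage for the Spring Core bug described above.

Added example, not code from IT Security Guru or the Spring project. It assumes
two inputs a practitioner can collect offline:
  * the output of `mvn dependency:list` (group:artifact:type:version:scope lines)
  * the JVM's `java.version` property (e.g. "1.8.0_312" or "17.0.2")
and flags a build that combines spring-core with JDK 9 or newer, the two
conditions the article names. The sample data below is constructed.
"""
import re

# Constructed sample: `mvn dependency:list` output for a hypothetical service.
SAMPLE_DEPENDENCY_LIST = """\
[INFO] The following files have been resolved:
[INFO]    org.springframework:spring-core:jar:5.3.17:compile
[INFO]    org.springframework:spring-webmvc:jar:5.3.17:compile
[INFO]    org.apache.tomcat.embed:tomcat-embed-core:jar:9.0.60:compile
[INFO]    junit:junit:jar:4.13.2:test
"""

# Newer maven-dependency-plugin versions append " -- module ..." to each line;
# the optional trailing group tolerates that.
COORD_RE = re.compile(
    r"^\[INFO\]\s+(?P<group>[\w.\-]+):(?P<artifact>[\w.\-]+):(?P<type>\w+):"
    r"(?P<version>[\w.\-]+):(?P<scope>\w+)(?:\s+--.*)?\s*$"
)

def parse_dependency_list(text):
    """Return {(group, artifact): (version, scope)} from mvn dependency:list output."""
    deps = {}
    for line in text.splitlines():
        m = COORD_RE.match(line)
        if m:
            deps[(m["group"], m["artifact"])] = (m["version"], m["scope"])
    return deps

def java_feature_version(java_version):
    """Map a java.version string to its feature release number.

    Java 8 and earlier use the legacy '1.<n>...' scheme ("1.8.0_312" -> 8);
    Java 9 and later report '<n>...' ("9.0.4" -> 9, "17.0.2" -> 17, "11" -> 11).
    """
    parts = java_version.split(".")
    if parts[0] == "1":
        if len(parts) < 2:
            raise ValueError(f"unrecognised java.version: {java_version!r}")
        return int(re.match(r"\d+", parts[1]).group())
    return int(re.match(r"\d+", parts[0]).group())

def assess(dependency_list, java_version):
    """Return (exposed, reason); exposed only when both article conditions hold."""
    deps = parse_dependency_list(dependency_list)
    core = deps.get(("org.springframework", "spring-core"))
    feature = java_feature_version(java_version)
    if core is None:
        return False, "spring-core not on the classpath"
    version, scope = core
    # Triage assumption: test-scoped dependencies are not shipped at runtime.
    if scope == "test":
        return False, f"spring-core {version} is test-scoped only"
    if feature < 9:
        return False, f"spring-core {version} present but JDK {feature} < 9"
    return True, f"spring-core {version} ({scope}) on JDK {feature}"

if __name__ == "__main__":
    for jv in ("1.8.0_312", "17.0.2"):
        print(jv, "->", assess(SAMPLE_DEPENDENCY_LIST, jv))
```

Run it against real build output with `mvn dependency:list > deps.txt` and `java -XshowSettings:properties -version 2>&1 | grep java.version`; the same build is reported as not exposed on an 8 runtime and exposed on 17, which is the point of parsing the version rather than comparing strings.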
The post Unpatched SpringShell bug threatens web app security appeared first on IT Security Guru.