Spring Framework RCE, Early Announcement
Updates
- [04-13] "Data Binding Rules Vulnerability CVE-2022-22968" follow-up blog post published, related to the "disallowedFields" from the Suggested Workarounds
- [04-08] Snyk announces an additional attack vector for Glassfish and Payara. See also the related Payara announcement of an upcoming release
- [04-04] Updated Am I Impacted with improved description for deployment requirements
- [04-01] Updated Am I Impacted with additional notes
- [04-01] Updated Suggested Workarounds section for Apache Tomcat upgrades and Java 8 downgrades
- [04-01] "Mitigation Alternative" follow-up blog post published, announcing Apache Tomcat releases 10.0.20, 9.0.62, and 8.5.78…