Spring Cloud Function has a concerning security flaw that could lead to remote code execution (RCE) and the compromise of an entire internet-connected system.
Because it is Java-based and easy to exploit, some researchers have called it “Spring4Shell,” by analogy with the Log4Shell vulnerability revealed in December. According to an advisory, the flaw (CVE-2022-22963) affects versions 3.1.6 and 3.2.2, as well as older, unsupported versions.
To apply the patch, users should update to 3.1.7 and 3.2.3.
Read More: https://threatpost.com/critical-rce-bug-spring-log4shell/179173/