Researchers warn RCE bug in Spring Cloud Could Be the Next Log4Shell

10
Researchers warn RCE bug in Spring Cloud Could Be the Next Log4Shell-01

The Spring Cloud Function has a concerning security flaw that could lead to Remote Code Execution (RCE) and the compromise of an entire internet-connected system.

Due to its Java-based nature and ease of exploit, some researchers have called it “Spring4Shell,” similar to the Log4Shell vulnerability revealed in December. According to an advisory, the flaw (CVE-2022-22963) affects versions 3.1.6 and 3.2.2, as well as older, unsupported versions.

In order to implement the pacth, users should update to 3.1.7 and 3.2.3.

Read More: https://threatpost.com/critical-rce-bug-spring-log4shell/179173/