jdk9の検索結果1 - 2 件 / 2件

• あとで読む

  CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+

  • 5 users
  • spring.io
  • テクノロジー
  • 2022/03/31

  CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+ A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. Howev

  • security

  
• あとで読む

  Spring Core on JDK9+ is vulnerable to remote code execution

  • 3 users
  • www.praetorian.com
  • テクノロジー
  • 2022/03/31

  Update: March 31, 2022 A patch has officially been released. https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement https://tanzu.vmware.com/security/cve-2022-22965 OverviewSpring Core on JDK9+ is vulnerable to remote code execution due to a bypass for CVE-2010-1622. At the time of writing, this vulnerability is unpatched in Spring Framework and there is a public proof-of-concep

  • Java
  • development
  • software
  • security
  • programming
  • business
  • news