Another Log4Shell? Not Quite, But Spring4Shell is Serious



As more details emerge on Spring4Shell, a recently discovered remote code execution (RCE) flaw affecting Spring Framework, security researchers are urging affected users to immediately implement a patch issued by Spring.

Spring’s popularity among Java frameworks rivals that of Struts, Sonatype Field CTO Ilkka Turunen said, and the vulnerability affects most known versions of the apps using the framework.
