virus logo Web Application Firewall

Spring.Framework.SerializationUtils.Insecure.Deserialization

description-logoDescription

This indicates an attack attempt to exploit an Insecure Deserialization in Spring Framework.
The vulnerability is due to insufficient validation of user supplied inputs. Successful exploitation could result in remote code execution.

description-logoOutbreak Alert

A remote code execution vulnerability exists in Spring Framework with JDK version 9 due to an insecure deserialization exploit. The exploit is based on insufficient validation of input that an attacker can perform a remote code execution. Spring is encouraging customers to upgrade to Spring Framework 5.3.18 and 5.2.20 or follow the suggested workarounds.

View the full Outbreak Alert Report

affected-products-logoAffected Products

Spring Framework

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

The vendor has not released an advisory or patch regarding this vulnerability.

Version Updates

Date Version Detail
2022-03-31 1.00033

CVE References

CVE-2022-22965
ID 1002017263
Created Mar 31, 2022
Updated Mar 31, 2022
Outbreak Alert Spring4Shell Vulnerability
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
Default Action pass
Active
Affected OS Windows, Linux, MacOS
Affected App Other