Threat Encyclopedia

Spring.Framework.SerializationUtils.Insecure.Deserialization

description-logoDescription

This indicates an attack attempt to exploit an Insecure Deserialization in Spring Framework.
The vulnerability is due to insufficient validation of user supplied inputs. Successful exploitation could result in remote code execution.

affected-products-logoAffected Products

Spring Framework 5.3.0 to 5.3.17
5.2.0 to 5.2.19
Older, unsupported versions are also affected

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://tanzu.vmware.com/security/cve-2022-22965

CVE References

CVE-2022-22965