A vulnerability on the Spring Framework RCE, CVE 2022 22965, was disclosed on 31 Mar 2022.
The Spring Framework exploit allows a Spring MVC or WebFlux running on JDK 9+ to be vulnerable to remote code execution (RCE) via data binding.
Planisware has not to date noted any impact to the security of our cloud services and product.
More information on the vulnerability:
- Updates and early disclosure: Spring Framework RCE, Early Annoucement