The flaws include CVE-2022-22947, which affected VMware's Tanzu products, as well as CVE-2022-22963 and CVE-2022-22965, affecting Java applications.

The bug resides in the Java Development Kit (JDK) from version 9.0 and upwards if the system is also using Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and earlier versions.

The vulnerability is currently thought to affect Java development kit versions 9.0 and above, affecting Spring Framework versions 5.3.17, 5.2.0, and 5.2.19.

The security bug could crop up, so to speak, in any number of Java applications. NOTE: This post is about the confirmed and patched vulnerability tracked as CVE-2022-22963. While the researchers ...

This week's Java roundup for April 17th, 2023, features news from OpenJDK, JDK 21, JMC 8.3.1, BellSoft, Spring Boot, Spring Security, Spring Session, Spring Authorization Server, Spring Integration, S ...

The recently disclosed remote code execution (RCE) vulnerability affecting the Spring Framework, known as Spring4Shell, has been added to CISA’s Known Exploited Vulnerabilities Catalog.

Microsoft on Tuesday offered guidance on the so-called "Spring4Shell" vulnerability in the Spring Framework overseen by VMware, while also indicating that its own services were unaffected.