ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

SpringShell: Spring Core RCE 0-day Vulnerability

book

Article ID: 238333

calendar_today

Updated On:

Products

APCDOC Automated Job Documentation

Issue/Introduction

Researchers have found a remote code execution 0-day vulnerability (dubbed Spring4Shell and SpringShell) in the Spring Core Java framework that allows unauthenticated remote code execution.

 

Cause

This RCE 0-day vulnerability exists in the Spring Core with the JDK version greater than or equal to 9.0. It allows an unauthenticated attacker to execute arbitrary code on the target system. The Spring Framework is a popular Java platform that provides comprehensive infrastructure support for developing Java applications.

Environment

Release : 1.3

Component : APCDOC - Online Documentation

Resolution

APCDOC has no JAVA interface.

There is no vulnerability with Spring Core Framework with JDK version 9 and above.