The following vulnerabilities were announced named as new Spring4Shell Zero-Day Vulnerabilities:
- CVE-2022-22963: Remote code execution in Spring Cloud Function by malicious Spring Expression
- CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+
- CVE-2022-22950: Spring Expression DoS Vulnerability
Is Dollar Universe impacted by these vulnerabilities?
Release : 6.x, 7.x
Component : DOLLAR UNIVERSE
Defect in third party libraries
Dollar Universe does not meet the requirement to be vulnerable with CVE-2022-22963 and CVE-2022-22965 vulnerabilities as stated on:
Spring core is ONLY used in the following components:
These components will have the spring version updated in the future (6.10.101 and 7.0.11).