Two CVE’s for New Spring4Shell Zero-Day Vulnerability:
- CVE-2022-22963: Remote code execution in Spring Cloud Function by malicious Spring Expression
https://tanzu.vmware.com/security/cve-2022-22963
- CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+
https://tanzu.vmware.com/security/cve-2022-22965
Is Rally impacted by this vulnerability?
The Rally SaaS product is not affected by this vulnerability.
The Rally on-premise product is not affected by this vulnerability.
The Rally Adapter for Jira product is not affected by this vulnerability.
aka SpringShell