CVE-2022-22965

NVD Published Date: April 01, 2022 at 11:15 PM
NVD Last Modified: February 09, 2023 at 02:07 AM
Vulnerability ID: CVE-2022-22965
Severity: CRITICAL
Severity Score: 9.8
Summary
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
Exploits

https://github.com/reznok/Spring4Shell-POC

https://github.com/BobTheShoplifter/Spring4Shell-POC

https://github.com/TheGejr/SpringShell

https://github.com/tpt11fb/SpringVulScan

https://github.com/alt3kx/CVE-2022-22965

https://github.com/zangcc/CVE-2022-22965-rexbb

https://github.com/Axx8/SpringFramework_CVE-2022-22965_RCE

https://github.com/4nth0ny1130/spring4shell_behinder

https://github.com/Mr-xn/spring-core-rce

https://github.com/FourCoreLabs/spring4shell-exploit-poc

https://github.com/colincowie/Safer_PoC_CVE-2022-22965

https://github.com/Kirill89/CVE-2022-22965-PoC

https://github.com/tangxiaofeng7/CVE-2022-22965-Spring-Core-Rce

https://github.com/k3rwin/spring-core-rce

https://github.com/liangyueliangyue/spring-core-rce

https://github.com/DDuarte/springshell-rce-poc

https://github.com/p1ckzi/CVE-2022-22965

https://github.com/alt3kx/CVE-2022-22965_PoC

https://github.com/light-Life/CVE-2022-22965-GUItools

https://github.com/me2nuk/CVE-2022-22965

https://github.com/wjl110/CVE-2022-22965_Spring_Core_RCE

https://github.com/viniciuspereiras/CVE-2022-22965-poc

https://github.com/itsecurityco/CVE-2022-22965

https://github.com/zer0yu/CVE-2022-22965

https://github.com/gpiechnik2/nmap-spring4shell

https://github.com/fracturelabs/go-scan-spring

https://github.com/sunnyvale-it/CVE-2022-22965-PoC

https://github.com/Loneyers/Spring4Shell

https://github.com/GuayoyoCyber/CVE-2022-22965

https://github.com/Wrin9/CVE-2022-22965

https://github.com/wikiZ/springboot_CVE-2022-22965

https://github.com/nu0l/CVE-2022-22965

https://github.com/netcode/Spring4shell-CVE-2022-22965-POC

https://github.com/mariomamo/CVE-2022-22965

https://github.com/BKLockly/CVE-2022-22965

https://github.com/wshon/spring-framework-rce

https://github.com/iloveflag/Fast-CVE-2022-22965

https://github.com/khidottrivi/CVE-2022-22965

https://github.com/CalumHutton/CVE-2022-22965-PoC_Payara

https://github.com/likewhite/CVE-2022-22965

https://github.com/tangxiaofeng7/CVE-2022-22965-Spring-CachedintrospectionResults-Rce

https://github.com/chaosec2021/CVE-2022-22965-POC

https://github.com/fracturelabs/spring4shell_victim

http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/spring_framework_rce_spring4shell.rb

https://github.com/0zvxr/CVE-2022-22965

https://github.com/trhacknon/CVE-2022-22965

https://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html

https://unit42.paloaltonetworks.com/cve-2022-22965-springshell/

https://www.cisa.gov/known-exploited-vulnerabilities-catalog

https://github.com/iyamrotrix/CVE-2022-22965

https://github.com/iyamroshan/CVE-2022-22965

https://github.com/Iyamroshan/CVE-2022-22965

https://github.com/Iyamnabeen/CVE-2022-22965

https://github.com/c5pider/CVE-2022-22965

https://github.com/dynarps/CVE-2022-22965

https://github.com/Pygosce/CVE-2022-22965

https://github.com/pwnsac/CVE-2022-22965

https://github.com/mrfossbrain/CVE-2022-22965

https://github.com/ros1090x/CVE-2022-22965

https://github.com/shwriter/CVE-2022-22965

https://github.com/rosansec/CVE-2022-22965

https://github.com/codedsprit/CVE-2022-22965

https://github.com/jrgdiaz/Spring4Shell-CVE-2022-22965.py

https://github.com/LudovicPatho/CVE-2022-22965_Spring4Shell

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE ID: CWE-94
