Spring4Shell (CVE-2022-22965)

Spring4Shell vulnerability – what you need to know from RapidSpike.

Are you aware of the vulnerability in the Spring MVC or Spring WebFlux frameworks? Further detail can be found here.

None of our proprietary software is written in Java and therefore doesn’t use the Spring MVC or Spring WebFlux frameworks, so is not directly affected by this issue.

We have checked with our infrastructure provider – AWS – and at the time of writing, they have not yet released a statement about if vulnerability affects their services. However, we are confident we are not affected due to not running any Spring products or Java applications in our systems.

We will keep this blog post updated with any developments regarding this vulnerability and our systems.