GHSA-36p3-wjmg-h94x
Vulnerable Component Details
Type: maven
Namespace: org.springframework
Name: spring-core
Version: 5.3.10
Package URL: pkg:maven/org.springframework/spring-core@5.3.10?type=jar
Vulnerability Details
ID: GHSA-36p3-wjmg-h94x
Description: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in org.springframework:spring-core.
Recommendation: Upgrade to versions 5.2.20, 5.3.18 or above.
Ratings
Severity: critical
Score: 10.0
Method: CVSSv3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Source:
Related Vulnerabilities
GMS-2022-559
CVE-2022-22965
Found By: Gitlab Gemnasium
References / Advisories
https://github.com/spring-projects/spring-framework/commit/002546b3e4b8d791ea6acccb81eb3168f51abb15
https://github.com/spring-projects/spring-boot/releases/tag/v2.6.6
https://github.com/spring-projects/spring-framework/releases/tag/v5.2.20.RELEASE
https://github.com/spring-projects/spring-framework/releases/tag/v5.3.18
https://github.com/spring-projects/spring-boot/releases/tag/v2.5.12
https://nvd.nist.gov/vuln/detail/CVE-2022-22965
https://github.com/advisories/GHSA-36p3-wjmg-h94x
https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
https://tanzu.vmware.com/security/cve-2022-22965
Weakness Enumeration
CWE-1035
CWE-78
CWE-937