Is Radiant Logic Impacted by the SPRING4SHELL (CVE-2022-22965) Vulnerability?

Question:

Is Radiant Logic impacted by SPRING4SHELL (CVE-2022-22965)?

 

Answer:

SPRING4SHELL (CVE-2022-22965) - Radiant Logic is NOT impacted

https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
This announcement is from Spring and contains an "Am I Impacted?" section as well as mitigation techniques.
That section states:

"Am I Impacted?

These are the requirements for the specific scenario from the report:

1. JDK 9 or higher
2. Apache Tomcat as the Servlet container.
3. Packaged as a traditional WAR (in contrast to a Spring Boot executable jar).
4. spring-webmvc or spring-webflux dependency.
5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions."

 

What this means for Radiant Logic:
1.) We are not on JDK 9 or higher; we are on JDK 8.
2.) We do not use Tomcat; we use Jetty.
3.) We are not packaging Spring as a WAR.
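
The five requirements quoted above can be evaluated mechanically against a deployment inventory. The following Python sketch is an added example, not code from Spring or Radiant Logic; the function names and the sample inputs are constructed for illustration, and the container and packaging values are assumed to be supplied by whoever runs the check.

```python
import re

def java_major(version_output):
    """Major version from `java -version` output; "1.8.0_312" means Java 8."""
    m = re.search(r'version "(\d+)(?:\.(\d+))?', version_output)
    if not m:
        raise ValueError("no version string found")
    major = int(m.group(1))
    return int(m.group(2)) if major == 1 and m.group(2) else major

def spring_version_affected(version):
    """Ranges quoted above: 5.3.0-5.3.17, 5.2.0-5.2.19, and older versions."""
    parts = [int(p) for p in re.findall(r"\d+", version)[:3]]
    v = tuple(parts + [0] * (3 - len(parts)))
    return v <= (5, 2, 19) or (5, 3, 0) <= v <= (5, 3, 17)

# Matches e.g. spring-webflux-5.3.17.jar or spring-webmvc-4.3.30.RELEASE.jar
JAR_RE = re.compile(r"^spring-(?:webmvc|webflux)-(\d+(?:\.\d+){1,2})[.\w-]*\.jar$")

def check_preconditions(java_version_output, container, packaging, jar_names):
    """Evaluate the five listed requirements; all five must hold to match."""
    versions = [m.group(1) for m in map(JAR_RE.match, jar_names) if m]
    checks = {
        "jdk9_or_higher": java_major(java_version_output) >= 9,
        "tomcat_container": container.lower() == "tomcat",
        "war_packaging": packaging.lower() == "war",
        "spring_web_dependency": bool(versions),
        "affected_spring_version": any(map(spring_version_affected, versions)),
    }
    checks["matches_reported_scenario"] = all(checks.values())
    return checks

if __name__ == "__main__":
    # Constructed sample inventory, not any real product's component list.
    result = check_preconditions(
        'openjdk version "1.8.0_312"', "jetty", "jar",
        ["spring-webmvc-5.3.15.jar", "jetty-server-9.4.44.jar"],
    )
    for name, met in result.items():
        print(f"{name}: {met}")
```

A `False` for `matches_reported_scenario` means only that the deployment does not fit the specific scenario from the report, which is how the quoted section frames these requirements.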
