On March 31, 2022 a pair of significant vulnerabilities were identified in the Java Spring Framework which would allow an attacker to execute malicious code.
* CVE-2022-22963 - https://tanzu.vmware.com/security/cve-2022-22963 * CVE-2022-22965 - https://tanzu.vmware.com/security/cve-2022-22965 It is critical for all of our vendors to determine if their software is impacted so that remediation steps can be taken. We need your company to respond to the following questions immediately: * Is your product impacted by CVE-2022-22963 or CVE-2022-22965? * Is your product built on Java? * Does your product depend on the Spring Cloud Function project? If so, what version? * Does your product depend on Spring Framework? If so, what version? * Does the product require JDK 9 or higher? * Does the product have a dependency on spring-webmvc? * Does the product have a dependency on spring-webflux?
