{"vuid":"VU#970766","idnumber":"970766","name":"Spring Framework insecurely handles PropertyDescriptor objects with data binding","keywords":null,"overview":"### Overview\r\n\r\nThe Spring Framework insecurely handles PropertyDescriptor objects, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.\r\n\r\n### Description\r\n\r\nThe [Spring Framework](https://spring.io/) is a Java framework that can be used to create applications such as web applications. Due to improper handling of PropertyDescriptor objects used with data binding, Java applications written with Spring may allow for the execution of arbitrary code.\r\n\r\nExploit code that targets affected WAR-packaged Java code for Tomcat servers is publicly available.\r\n\r\nNCSC-NL has a [list of products and their statuses](https://github.com/NCSC-NL/spring4shell/blob/main/software/README.md) with respect to this vulnerability.\r\n\r\n### Impact\r\nBy providing crafted data to a Spring Java application, such as a web application, an attacker may be able to execute arbitrary code with the privileges of the affected application. Depending on the application, exploitation may be possible by a remote attacker without requiring authentication.\r\n\r\n### Solution\r\n#### Apply an update\r\nThis issue is addressed in Spring Framework 5.3.18 and 5.2.20. Please see the [Spring Framework RCE Early Announcement](https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement) for more details.\r\n\r\n### Acknowledgements\r\nThis issue was publicly disclosed by heige.\r\n\r\nThis document was written by Will Dormann.","clean_desc":null,"impact":null,"resolution":null,"workarounds":null,"sysaffected":null,"thanks":null,"author":null,"public":["https://tanzu.vmware.com/security/cve-2022-22965","https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement","https://www.cyberkendra.com/2022/03/springshell-rce-0-day-vulnerability.html","https://github.com/NCSC-NL/spring4shell/blob/main/software/README.md"],"cveids":["CVE-2022-22965"],"certadvisory":null,"uscerttechnicalalert":null,"datecreated":"2022-03-31T13:52:51.484050Z","publicdate":"2022-03-30T00:00:00Z","datefirstpublished":"2022-03-31T13:52:51.505752Z","dateupdated":"2022-05-19T16:09:54.147761Z","revision":22,"vrda_d1_directreport":null,"vrda_d1_population":null,"vrda_d1_impact":null,"cam_widelyknown":null,"cam_exploitation":null,"cam_internetinfrastructure":null,"cam_population":null,"cam_impact":null,"cam_easeofexploitation":null,"cam_attackeraccessrequired":null,"cam_scorecurrent":null,"cam_scorecurrentwidelyknown":null,"cam_scorecurrentwidelyknownexploited":null,"ipprotocol":null,"cvss_accessvector":null,"cvss_accesscomplexity":null,"cvss_authentication":null,"cvss_confidentialityimpact":null,"cvss_integrityimpact":null,"cvss_availabilityimpact":null,"cvss_exploitablity":null,"cvss_remediationlevel":null,"cvss_reportconfidence":null,"cvss_collateraldamagepotential":null,"cvss_targetdistribution":null,"cvss_securityrequirementscr":null,"cvss_securityrequirementsir":null,"cvss_securityrequirementsar":null,"cvss_basescore":null,"cvss_basevector":null,"cvss_temporalscore":null,"cvss_environmentalscore":null,"cvss_environmentalvector":null,"metric":null,"vulnote":66}