Home > Net >  Does application Spring4Shell- CVE-2022-2296 vulnerable if using spring-plugin-core : 1.2.0?
Does application Spring4Shell- CVE-2022-2296 vulnerable if using spring-plugin-core : 1.2.0?

Time:04-04

Is the system affected by CVE-2022-2296 if it only uses spring-plugin-core from the mentioned impacted list?

Configuration

  • java 8
  • Spring boot : 2.2.6.RELEASE
  • Packaged as executable JAR
  • spring-plugin-core : 1.2.0.RELEASE

CodePudding user response:

a quick search for Spring Boot 2.2.6.RELEASE shows the maven repository with all vulnerabilities listed: https://mvnrepository.com/artifact/org.springframework.boot/spring-boot/2.2.6.RELEASE

  • Related