Incident Response & Threat Intelligence
Threat Advisory
Incident Response & Threat Intelligence

Threat Bulletin: SpringShell Vulnerability Targeting Spring Framework Core Module

GuidePoint Research and Intelligence Team (GRIT)

On March 30, 2022, a Chinese Security Researcher posted a proof-of-concept (POC) to GitHub documenting a vulnerability discovered in the Spring Framework module, Spring Core. This vulnerability, labeled by members of the information security community as SpringShell or Spring4Shell, has since been confirmed by the Spring Framework developers and published as CVE-2022-22965.

Download