Vulnerability in Spring Framework Affecting Cisco Products – Updated 2/3/23
On March 31, 2022, the following critical vulnerability in the Spring Framework affecting Spring MVC and Spring WebFlux applications running on JDK 9+ was released:
CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+
For a description of this vulnerability, see VMware Spring Framework Security Vulnerability Report.
|1.13||Updated products confirmed not vulnerable.||Affected Products||Final||2023-FEB-09|
|1.12||Updated Fixed Releases information.||Vulnerable Products||Final||2022-JUN-01|
This advisory is available at the following link: