Closed monze closed 2 years ago
Oxalis itself do Not use spring-* dependency. But Oxalis users are advised to check their back-end services for Spring4Shell vulnerabilities.
Am I Impacted? -source : https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement These are the requirements for the specific scenario from the report:
However, the nature of the vulnerability is more general, and there may be other ways to exploit it that have not been reported yet.
Links:
Hey
Dows Oxalix use Spring, and thereby is affected by the issue?
Spring4Shell: Security Analysis of the latest Java RCE '0-day' vulnerabilities in Spring For information: https://www.lunasec.io/docs/blog/spring-rce-vulnerabilities/
Jacob Mogensen mySupply Aps