swri-robotics / bag-database

A server that catalogs bag files and provides a web-based UI for accessing them.

Spring4Shell vulnerability #181

Open RonaldEnsing opened 2 years ago

RonaldEnsing commented 2 years ago

Is bag-database affected by the Spring4Shell vulnerability?

pjreed commented 2 years ago

Probably not. I have run a few tests on it (https://github.com/BobTheShoplifter/Spring4Shell-POC and https://twitter.com/RandoriAttack/status/1509298490106593283) and they failed to exploit any vulnerabilities.

With that said, the Bag Database is using a fairly old version of Spring Core (5.0.2), so I'll take a look into what needs to be done to update that just to be safe.
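As an added example for this thread (not code from the bag-database project or from either commenter): the comment above notes that Spring Core 5.0.2 is in use and that the first step is to see what needs updating. A practical way to answer "which Spring artifacts are below the fixed release?" is to scan `mvn dependency:tree` output for `org.springframework` artifacts and compare each version against the patched releases Spring published for CVE-2022-22965, which is Spring4Shell (5.3.18 and 5.2.20; every release on older branches, including 5.0.2, is unpatched). The dependency-tree text embedded below is constructed for the example, and the assumption that the project is built with Maven is mine, not the page's.

```python
"""Triage helper: flag Spring Framework artifacts that predate the Spring4Shell
(CVE-2022-22965) fix by scanning `mvn dependency:tree` output.

Added example for this issue thread; it is not part of the bag-database project.
Fixed releases per the Spring advisory: 5.3.18 and 5.2.20. Releases on any
other 5.x or earlier branch (e.g. the 5.0.2 mentioned in the thread) never
received the fix and are treated as unpatched.
"""
import re
from typing import Dict, List, Tuple

# `mvn dependency:tree` prints artifacts as
#   [INFO] |  +- org.springframework:spring-core:jar:5.0.2.RELEASE:compile
# Group 1: artifact id, group 2: numeric version, group 3: Maven scope.
ARTIFACT_RE = re.compile(
    r"org\.springframework:(spring-[a-z]+):jar:([0-9]+(?:\.[0-9]+)*)[^:]*:(\w+)"
)

# Constructed sample output; not taken from a real bag-database build.
SAMPLE_TREE = """\
[INFO] --- maven-dependency-plugin:3.1.2:tree (default-cli) @ bag-database ---
[INFO] com.example:bag-database:war:1.0.0-SNAPSHOT
[INFO] +- org.springframework:spring-core:jar:5.0.2.RELEASE:compile
[INFO] |  \\- org.springframework:spring-jcl:jar:5.0.2.RELEASE:compile
[INFO] +- org.springframework:spring-webmvc:jar:5.0.2.RELEASE:compile
[INFO] +- org.springframework:spring-web:jar:5.3.18:compile
[INFO] \\- junit:junit:jar:4.13.2:test
"""


def parse_version(text: str) -> Tuple[int, ...]:
    """'5.0.2' -> (5, 0, 2); qualifiers like '.RELEASE' are stripped by the regex."""
    return tuple(int(part) for part in text.split("."))


def is_patched(version: Tuple[int, ...]) -> bool:
    """True only for versions at or above the fixed release of a patched branch.

    6.x shipped after the fix. 5.3 and 5.2 were fixed in 5.3.18 and 5.2.20.
    Every other 5.x branch and all 4.x releases are unsupported and unpatched.
    """
    if version[:1] >= (6,):
        return True
    if version[:2] == (5, 3):
        return version >= (5, 3, 18)
    if version[:2] == (5, 2):
        return version >= (5, 2, 20)
    return False


def scan_dependency_tree(tree_output: str) -> List[Dict[str, object]]:
    """Return one finding per Spring Framework artifact found in the tree."""
    findings: List[Dict[str, object]] = []
    for line in tree_output.splitlines():
        match = ARTIFACT_RE.search(line)
        if not match:
            continue  # not an org.springframework artifact
        artifact, version_text, scope = match.groups()
        findings.append(
            {
                "artifact": artifact,
                "version": version_text,
                "scope": scope,
                "patched": is_patched(parse_version(version_text)),
            }
        )
    return findings


def unpatched_artifacts(tree_output: str) -> List[str]:
    """'artifact:version' for every Spring artifact below the fixed release."""
    return [
        f"{f['artifact']}:{f['version']}"
        for f in scan_dependency_tree(tree_output)
        if not f["patched"]
    ]


if __name__ == "__main__":
    # Stand-alone run over the constructed sample; in practice pipe in
    # `mvn dependency:tree` output or read it from a file.
    for finding in scan_dependency_tree(SAMPLE_TREE):
        status = "ok" if finding["patched"] else "UPGRADE NEEDED"
        print(f"{finding['artifact']:<16} {finding['version']:<8} {status}")
```

Two caveats when reading the result. First, a version below the fixed release means the artifact needs upgrading regardless of whether a proof-of-concept succeeded; the tests the comment mentions exercise one exploitation path, while the version check covers the fix itself. Second, the Spring advisory ties the known exploit to a specific deployment shape (JDK 9 or newer, a WAR deployed to Tomcat, and spring-webmvc or spring-webflux on the classpath), so an application outside that shape may be unexploitable by the public chain yet still carry the vulnerable code; upgrading is the durable fix either way.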