VDB
RHSA-2022%3A1333
RHSA-2022%3A1333
PUBLISHED
CVSS 8.100000381469727 HIGH
A flaw was found in Spring Framework, specifically within two modules called Spring MVC and Spring WebFlux, (transitively affected from Spring Beans), using parameter data binding. This flaw allows an attacker to pass specially-constructed malicious requests to certain parameters and possibly gain access to normally-restricted functionality within the Java Virtual Machine.
Risk Scores
CVSS 3.1
8.100000381469727
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | RHINT Camel-K 1.6.5 |
Timeline
- Apr 12, 2022 CVE Published
- Mar 18, 2026 CVE Updated
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2022:1333 advisory
- https://access.redhat.com/security/vulnerabilities/RHSB-2022-003 advisory
- https://access.redhat.com/security/updates/classification/#low advisory
- https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2022-Q2 advisory
- https://access.redhat.com/documentation/en-us/red_hat_integration/2022.q1 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2070348 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_1333.json advisory
- https://access.redhat.com/security/cve/CVE-2022-22965 advisory
- https://www.cve.org/CVERecord?id=CVE-2022-22965 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-22965 advisory
- https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement advisory
- https://tanzu.vmware.com/security/cve-2022-22965 advisory
- https://www.cyberkendra.com/2022/03/spring4shell-details-and-exploit-code.html exploit
- https://www.praetorian.com/blog/spring-core-jdk9-rce/ advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog exploit