VDB
RHSA-2022:1626
PUBLISHED
CVSS 8.1 HIGH
A flaw was found in Spring Framework, specifically within two modules, Spring MVC and Spring WebFlux (transitively affected from Spring Beans), when using parameter data binding. This flaw allows an attacker to pass specially constructed malicious requests to certain parameters and possibly gain access to normally restricted functionality within the Java Virtual Machine.
Risk Scores
CVSS 3.1
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat AMQ 7.8.6 | |
Exploit Intelligence
- Kuri119/CVE-2022-22965-Spring4Shell (github-poc-repo)
- Kuri119/CVE-2022-22965-Spring4Shell (github-poc)
- JFrog AppTrust lifecycle policy enforcement demo — shows release gate blocking CVE-2022-22965 (Spring4Shell) with waiver request flow (github-poc)
- JFrog AppTrust lifecycle policy enforcement demo — shows release gate blocking CVE-2022-22965 (Spring4Shell) with waiver request flow (github-poc-repo)
- Spring4Shell (CVE-2022-22965) vulnerable environment setup and CTF challenge (github-poc-repo)
- Description (github-poc-repo)
- Description (github-poc)
- Spring4Shell (CVE-2022-22965) vulnerable environment setup and CTF challenge (github-poc)
- felisha-elmer/Sandbox-Challenge-Spring4Shell-CVE-2022-22965- (github-poc-repo)
- felisha-elmer/Sandbox-Challenge-Spring4Shell-CVE-2022-22965- (github-poc)
…and 145 more exploits
Timeline
- Apr 27, 2022 CVE Published
- Mar 18, 2026 CVE Updated
- May 1, 2026 Distribution Patch
- May 1, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2022:1626 advisory
- https://access.redhat.com/security/updates/classification/#low advisory
- https://access.redhat.com/security/vulnerabilities/RHSB-2022-003 advisory
- https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.broker&version=7.8.6 advisory
- https://access.redhat.com/documentation/en-us/red_hat_amq/ advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2070348 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_1626.json advisory
- https://access.redhat.com/security/cve/CVE-2022-22965 advisory
- https://www.cve.org/CVERecord?id=CVE-2022-22965 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-22965 advisory
- https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement advisory
- https://tanzu.vmware.com/security/cve-2022-22965 advisory
- https://www.cyberkendra.com/2022/03/spring4shell-details-and-exploit-code.html exploit
- https://www.praetorian.com/blog/spring-core-jdk9-rce/ advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog exploit