Return to forum

**479** · March 31, 2022 at 12:44 PM

Spring4Shell RCE (CVE-2022-22963)

Spring4Shell: Security Analysis of the latest Java RCE '0-day' vulnerabilities in Spring

On March 29th, 2022, two RCE vulnerabilities were being discussed on the internet. Most of the people talking about them believe they're talking about "Spring4Shell", but in reality they're swapping notes about CVE-2022-22963.

https://www.lunasec.io/docs/blog/spring-rce-vulnerabilities/

POCs (any leecher hide):

Hidden Content

You must register or login to view this content.

More:
https://www.cyberkendra.com/2022/03/rce-0-day-exploit-found-in-spring-cloud.html
https://nsfocusglobal.com/spring-cloud-function-spel-expression-injection-vulnerability-alert/

code_qeqe · March 31, 2022 at 1:19 PM

Thank you

ipiDa · March 31, 2022 at 1:23 PM

thanks for sharing !!!!!

JDSupreme23 · March 31, 2022 at 1:36 PM

Yeah, I thought spring had already been published. I was confused as well.

c1uck · March 31, 2022 at 2:09 PM

thanks for sharing !!!!!

sabella · March 31, 2022 at 2:15 PM

thanks for sharing !!!!!

Sid · April 1, 2022 at 12:46 PM

Thanks.

G1ld3d · April 1, 2022 at 12:55 PM

Nice share! Thank you!

pepe · April 1, 2022 at 9:32 PM

Do a quick search on github for the same, unlimited exploits...

code a stupid mass scanner

Quick scan on internet and mass exploit.. unlimited pwns!!!

thekilob · April 4, 2022 at 5:37 AM

Meh, this was honestly quite underwhelming.