Spring4Shell Security Vulnerability (CVE-2022-22965) Press Release
On March 30, 2022, a critical remote code execution (RCE) vulnerability was found in the Spring Framework (Spring Core and the other in Spring Cloud Functions). More specifically, it is part of the spring-beans package, a transitive dependency in both spring-webmvc and spring-webflux.
We want to reassure all our customers that the OvalEdge product is not impacted by this vulnerability.
Anyone using Spring on Java 9 or newer, especially those using Tomcat, is impacted by this vulnerability. Java 8 does not appear to be vulnerable, and OvalEdge uses Java 8 for the development of its product.
For more information:
https://www.lunasec.io/docs/blog/spring-rce-vulnerabilities/
https://snyk.io/blog/spring4shell-zero-day-rce-spring-framework-explained/