Please find below our most recent information regarding the following two Spring vulnerabilities:
- Confirmed (Critical, CVSS 9.8): CVE-2022-22965 “Spring4Shell” in Spring Core
- Confirmed (Critical, CVSS 9.8): CVE-2022-22963 in Spring Cloud Function
Sparxsystems:
Sparx Systems does not use Spring in any of our products.