security.snyk.io
2a02:26f0:fb:5b0::ecd  Public Scan

Submitted URL: https://email.snyk.io/c/eJx9kVtPg0AQhX8NvDRLYLnM8sADXtpUYmuo0fg47A52LZeGhRr_vaDYRJuYbDI72W9zzplRSSBDrmyJ9RH1a5NYcGVx3m...
Effective URL: https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097
Submission: On January 27 via manual from IN — Scanned from DE

Form analysis 2 forms found in the DOM

Text Content


IMPROPER OUTPUT NEUTRALIZATION FOR LOGS AFFECTING
ORG.SPRINGFRAMEWORK:SPRING-CORE PACKAGE, VERSIONS
[5.3.0,5.3.12) [,5.2.18)



--------------------------------------------------------------------------------

4.3
medium


 * ATTACK COMPLEXITY
   
   Low


 * SNYK-ID
   
   SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097


 * PUBLISHED
   
   27 Oct 2021


 * DISCLOSED
   
   27 Oct 2021


 * CREDIT
   
   Dennis Kennedy

INTRODUCED: 27 OCT 2021

CVE-2021-22096

CWE-20



HOW TO FIX?

Upgrade org.springframework:spring-core to version 5.3.12, 5.2.18 or higher.


OVERVIEW

org.springframework:spring-core is a core package within the spring-framework
that contains multiple classes and utilities.

Affected versions of this package are vulnerable to Improper Output
Neutralization for Logs when a user provides malicious input, causing insertion
of additional log entries.


REFERENCES

 * GitHub Commit
 * Pivotal Security Advisory

