security.snyk.io
2a02:26f0:1700:78c::ecd  Public Scan

Submitted URL: https://email.snyk.io/c/eJx9kV9rgzAUxT-NvpSIJmrSBx_cn5ZO1g47NvZ4Ta5rVo3FxI59--nWFbbCIHBzyS-cc-5VWSwTqnwJ7QH0q8k8fuVRaq...
Effective URL: https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878
Submission: On January 27 via manual from IN — Scanned from DE


Text Content



IMPROPER INPUT VALIDATION AFFECTING ORG.SPRINGFRAMEWORK:SPRING-CORE PACKAGE,
VERSIONS [,5.2.19.RELEASE) [5.3.0,5.3.14)



--------------------------------------------------------------------------------

4.3
medium


 * ATTACK COMPLEXITY
   
   Low



 * SNYK-ID
   
   SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878


 * PUBLISHED
   
   6 Jan 2022


 * DISCLOSED
   
   6 Jan 2022


 * CREDIT
   
   psytester


INTRODUCED: 6 JAN 2022

CVE-2021-22060

CWE-20



HOW TO FIX?

Upgrade org.springframework:spring-core to version 5.2.19.RELEASE, 5.3.14 or
higher.



OVERVIEW

org.springframework:spring-core is a core package within the spring-framework
that contains multiple classes and utilities.

Affected versions of this package are vulnerable to Improper Input Validation
when a user provides malicious input, causing insertion of additional log
entries.


REFERENCES

 * Pivotal Security Advisory

