'[jira] [Commented] (AXIS2-6032) About Spring RCE 0Days Vulnerability'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       axis-user-ja
Subject:    [jira] [Commented] (AXIS2-6032) About Spring RCE 0Days Vulnerability
From:       "yanglin (Jira)" <jira () apache ! org>
Date:       2022-04-08 1:49:00
Message-ID: JIRA.13438086.1649228649000.31813.1649382540045 () Atlassian ! JIRA
[Download RAW message or body]


    [ https://issues.apache.org/jira/browse/AXIS2-6032?page=com.atlassian.jira.plugin. \
system.issuetabpanels:comment-tabpanel&focusedCommentId=17519264#comment-17519264 ] 

yanglin commented on AXIS2-6032:
--------------------------------

ok thanks  

> About Spring RCE 0Days Vulnerability
> ------------------------------------
> 
> Key: AXIS2-6032
> URL: https://issues.apache.org/jira/browse/AXIS2-6032
> Project: Axis2
> Issue Type: Bug
> Affects Versions: 1.7.9, 1.8.0
> Reporter: yanglin
> Priority: Critical
> 
> Hello !
> Is AXIS2 affected by spring rce vulnerability?
> if so , will a new version be released ?
> 
> CVE-2022-22965: A Spring MVC or Spring WebFlux application running on JDK 9+ may be \
> vulnerable to remote code execution (RCE) via data binding \
> https://nvd.nist.gov/vuln/detail/CVE-2022-22965



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic