[prev in list] [next in list] [prev in thread] [next in thread]
List: maven-user
Subject: Re: CVE-2022-22963 and CVE-2022-22965
From: Tushar Kapila <tgkprog () gmail ! com>
Date: 2022-04-09 3:46:43
Message-ID: CAN0SkmnvNrD9ezuiSw4ZvbvvbLJYMw+pVbUNSd8FDeGgwxj-2w () mail ! gmail ! com
[Download RAW message or body]
Bernd
Just say:
By the power of Grayskull, and you will have all the answers ;)
Donnel
You might get a few answers on forums, but if you need help to put ut all
together consider hiring someone. Freelancer.com I'd one resource. Besides
aunty Google
On Sat, Apr 9, 2022, 07:53 Bernd Eckenfels <ecki@zusammenkunft.net> wrote:
> Hello Donnel,
>
> We need you to do your own research, the Apache Open Source Project Maven
> is not "your vendor" and also not related with Spring. How should "we" know
> what and how you are using it?
>
> Gruss
> Bernd
> --
> http://bernd.eckenfels.net
> ________________________________
> Von: DONNELL M GARRETT <DONNELL.GARRETT@bcbssc.com>
> Gesendet: Freitag, April 8, 2022 9:25 PM
> An: users@maven.apache.org <users@maven.apache.org>
> Betreff: CVE-2022-22963 and CVE-2022-22965
>
> On March 31, 2022 a pair of significant vulnerabilities were identified in
> the Java Spring Framework which would allow an attacker to execute
> malicious code.
>
> * CVE-2022-22963 - https://tanzu.vmware.com/security/cve-2022-22963
> * CVE-2022-22965 - https://tanzu.vmware.com/security/cve-2022-22965
>
> It is critical for all of our vendors to determine if their software is
> impacted so that remediation steps can be taken. We need your company to
> respond to the following questions immediately:
>
>
> * Is your product impacted by CVE-2022-22963 or CVE-2022-22965?
> * Is your product built on Java?
> * Does your product depend on the Spring Cloud Function project? If
> so, what version?
> * Does your product depend on Spring Framework? If so, what version?
> * Does the product require JDK 9 or higher?
> * Does the product have a dependency on spring-webmvc?
> * Does the product have a dependency on spring-webflux?
>
>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic