Spring Core RCE
After the Spring Cloud vulnerability, on March 29 another major Spring vulnerability surfaced on the Internet: Spring Core RCE.
PoC code in circulation
An exploit, exp.py, has already been uploaded.
Spring is also working urgently on an official patch.
Link to the patch Spring is preparing
Vulnerability Impact
- JDK version 9 and above
- Spring Framework, or a framework derived from it, is in use
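Both conditions above can be checked against a deployment artifact. The following is an added example, not code from the original page or from Spring: it parses a Java version string (legacy `1.x` and current schemes) and lists Spring jars bundled in a WAR or fat JAR. Treating `spring-core`/`spring-beans` jar names as evidence of Spring Framework, the function names, and the in-memory sample archive are assumptions of this example.

```python
import io
import re
import zipfile

# Assumption of this example: a bundled spring-core/spring-beans jar means Spring Framework is used.
SPRING_JAR = re.compile(r"(?:^|/)(spring-(?:core|beans)-[^/]*\.jar)$")


def java_major(version):
    """Major Java version from a java.version-style string such as '1.8.0_312' or '17.0.2'."""
    m = re.match(r"(\d+)(?:\.(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised Java version: {version!r}")
    first = int(m.group(1))
    # Legacy scheme up to Java 8 is '1.<major>'; from Java 9 the first field is the major.
    if first == 1 and m.group(2) is not None:
        return int(m.group(2))
    return first


def spring_jars(archive):
    """Sorted names of Spring jars inside a WAR or fat JAR (path or file object)."""
    with zipfile.ZipFile(archive) as zf:
        hits = (SPRING_JAR.search(name) for name in zf.namelist())
        return sorted(h.group(1) for h in hits if h)


def matches_impact(java_version, archive):
    """True when both listed conditions hold: JDK 9 or above and Spring jars present."""
    return java_major(java_version) >= 9 and bool(spring_jars(archive))


def sample_war():
    """Constructed sample: an in-memory WAR with empty placeholder entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("WEB-INF/web.xml", "WEB-INF/lib/spring-beans-0.0.0.jar",
                     "WEB-INF/lib/spring-core-0.0.0.jar", "WEB-INF/lib/commons-io-0.0.0.jar"):
            zf.writestr(name, b"")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for v in ("1.8.0_312", "9.0.4", "17.0.2"):
        print(v, java_major(v), matches_impact(v, sample_war()))
```

In practice the version string would come from the runtime that actually serves the application, and the archive path from the deployed WAR or JAR.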
Fix recommendation
At present, Spring has not officially released a patch. As a temporary workaround, it is recommended to downgrade the JDK version.