
This video covers the new Remote Code Execution vulnerability in Spring Framework (specifically spring-beans). We are going to discuss the following:
📌 Chapter Timestamps
===================
00:00 – Intro
00:19 – Agenda
01:19 – What is the Spring Vulnerability?
03:58 – Which versions of Spring/Spring Boot are affected?
06:32 – I run Spring Boot as a jar, should I be worried?
06:55 – Tactical fix
10:08 – Strategic fix
11:25 – I don’t use Spring Boot for my application, should I still be worried?
📌 Related Links
=============
🔗VMware Blog – https://tanzu.vmware.com/security/cve-2022-22965
🔗Spring Blog – https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
🔗Snyk Blog – https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751
🔗Security blog – https://securityboulevard.com/2022/03/new-spring4shell-zero-day-vulnerability-confirmed-what-it-is-and-how-to-be-prepared/
🔗Spring4Shell – https://www.helpnetsecurity.com/2022/03/31/spring4shell/




