SpringShell/Spring4Shell: RCE via data binding in Spring Framework — affects all apps on Spring MVC/WebFlux with JDK 9+. Exploited by Mirai botnets within hours of disclosure. Update Spring Framework to 5.3.18/5.2.20+. Verify JDK versions.
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding, a vulnerability known as SpringShell.
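A triage check for the two remediation steps above, as an added example (not code from the advisory or the Spring project): it reads a deployment's jar listing and `java.version` string and reports whether they match the advisory's conditions. The function names, status labels and sample jar list are constructed for illustration, and it assumes jars keep their Maven file names.

```python
import re

# Fixed releases named on the page: 5.3.18 and 5.2.20.
FIXED = {(5, 3): (5, 3, 18), (5, 2): (5, 2, 20)}
JAR_RE = re.compile(r"spring-(webmvc|webflux)-(\d+)\.(\d+)\.(\d+)[^/]*\.jar$")

def jdk_major(version):
    """Major Java version from a java.version string ("1.8.0_321", "11.0.14", "17")."""
    m = re.match(r"(\d+)(?:\.(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised Java version: {version!r}")
    first = int(m.group(1))
    # Before JDK 9 the scheme was 1.<major>, e.g. 1.8.0_321 is Java 8.
    return int(m.group(2)) if first == 1 and m.group(2) else first

def is_patched(ver):
    fixed = FIXED.get(ver[:2])
    if fixed:
        return ver >= fixed
    # Assumption: lines newer than 5.3 ship the fix; lines older than 5.2 never got one.
    return ver[:2] > (5, 3)

def triage(jar_paths, java_version):
    """Return (status, findings) for one deployment's jar list and runtime."""
    findings = []
    for path in jar_paths:
        m = JAR_RE.search(path)
        if m:
            ver = tuple(int(x) for x in m.group(2, 3, 4))
            findings.append((m.group(1), ver, is_patched(ver)))
    if not findings:
        return "no-spring-web-jars", findings
    if all(patched for _, _, patched in findings):
        return "patched", findings
    if jdk_major(java_version) >= 9:
        return "matches-advisory", findings
    return "unpatched-jdk-below-9", findings

# Constructed sample inventory (not from the page).
SAMPLE_JARS = [
    "WEB-INF/lib/spring-webmvc-5.3.17.jar",
    "WEB-INF/lib/spring-core-5.3.17.jar",
    "WEB-INF/lib/jackson-databind-2.13.2.jar",
]

if __name__ == "__main__":
    for java in ("11.0.14", "1.8.0_321"):
        print(java, triage(SAMPLE_JARS, java))
```

A result of `unpatched-jdk-below-9` still means the Spring Framework version is below the fixed release and should be scheduled for update; it only indicates that the JDK condition stated above is not met.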