{"id":45984,"date":"2022-03-31T22:24:24","date_gmt":"2022-03-31T22:24:24","guid":{"rendered":"https:\/\/www.darkreading.com\/vulnerabilities-threats\/spring-fixes-zero-day-vulnerability-in-framework-spring-boot"},"modified":"2022-03-31T22:24:24","modified_gmt":"2022-03-31T22:24:24","slug":"spring-fixes-zero-day-vulnerability-in-framework-and-spring-boot","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/spring-fixes-zero-day-vulnerability-in-framework-and-spring-boot\/","title":{"rendered":"Spring Fixes Zero-Day Vulnerability in Framework and Spring Boot"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blta1d111cfde302652\/61c1fb38aadfda3b6f29f4b2\/Vulnerabilities_JVPhoto_Alamy-crop.png\" class=\"ff-og-image-inserted\"><\/div>\n<p>The Spring development team today acknowledged the newly reported SpringShell, also called Spring4Shell, vulnerability, releasing new versions of the Spring Framework and Spring Boot to fix the root cause of the issue in the popular Java frameworks.<\/p>\n<p>The vulnerability \u2014 issued the Common Vulnerabilities and Exposures (CVE) identifier CVE-2022-22965 \u2014 affects applications that use Spring MVC, a framework implementing the model-view-controller architecture for Web applications, and Spring WebFlux, if they run on version 9.0 or higher of the Java Development Kit, according to an advisory the Spring developers issued.<\/p>\n<p>The current exploit for the issue, however, is somewhat limited, as it requires that the application is deployed as a specific type of file \u2014 a Web Archive (WAR) file \u2014 on Apache Tomcat, rather than the standard deployment method of a Spring Boot executable in the Java Archive (JAR) format.<\/p>\n<p>However, as more security researchers examine the code and search for additional paths through which to exploit the vulnerability, that could change, Spring committer Rossen Stoyanchev warned in the advisory.\/p&gt;\n<\/p>\n<p>&#8220;The nature of the vulnerability is more general, and there may be other ways to exploit it,&#8221; he said.<\/p>\n<p><strong>Time to Patch Spring Apps<\/strong><br \/>Companies should prioritize patching all of their Spring Framework- and Spring Boot-based applications, even if they do not run the specific, known-vulnerable configurations, security experts say. Development teams often do not know their full software bill-of-materials (SBOM), which could leave them unaware of potentially vulnerable configurations. <\/p>\n<p>In addition, these sorts of vulnerabilities tend to &#8220;mutate over time as researchers look for other avenues of exploitation,&#8221; says Ilkka Turunen, field CTO at software management and security firm Sonatype.<\/p>\n<p>&#8220;What is very typical in a situation like this \u2014 just look back three months at Log4j \u2014 there is a ton of attention being cast on the issue, both good and bad, researchers thinking about the exploitable classes,&#8221; he says. &#8220;However, that quickly evolves. In Log4j we found four other CVEs come out related to the original issue, and we expect that to happen here.&#8221;<\/p>\n<p>The Spring developers first learned of the vulnerability on Tuesday, March 29, but the details of the issues leaked out before the development team had finished the patch and disclosure, Spring&#8217;s Stoyanchev <a href=\"https:\/\/spring.io\/blog\/2022\/03\/31\/spring-framework-rce-early-announcement\" target=\"_blank\" rel=\"noopener\">stated in the Spring advisory<\/a>.<\/p>\n<p>&#8220;On Wednesday we worked through investigation, analysis, identifying a fix, testing, while aiming for emergency releases on Thursday,&#8221; he said. &#8220;In the mean time, also on Wednesday, details were leaked in full detail online, which is why we are providing this update ahead of the releases and the CVE report.&#8221;<\/p>\n<p>Figuring out whether a company&#8217;s Spring-based applications are vulnerable will be difficult for most companies, as this is &#8220;a particularly tricky vulnerability,&#8221; Edward Wu, senior principal data scientist for ExtraHop, a cloud cybersecurity firm, said in a statement sent to Dark Reading.<\/p>\n<p>&#8220;Most teams have hundreds of vendor-provided software in their environments that may or may not be running Spring Core,&#8221; he says. &#8220;They often don\u2019t have access to the source code and will struggle to determine if they\u2019re vulnerable. It will be important for organizations to be able to query their environment but also track activity within their network as a single source of truth.&#8221;<\/p>\n<p><strong>Not the Next Log4j<\/strong><br \/>Overall, however, the vulnerability in Spring falls short of the Log4Shell exploit for the critical vulnerability in Log4j, even though some companies have placed the two issues on the same level, Dan Murphy, distinguished architect at application security provider Invicti, said in a statement.<\/p>\n<p>Spring4Shell, as some companies have named the vulnerability, relies on a configuration that is not the default for modern Spring applications, he said. If a company runs their Spring Boot apps as a standalone application, then they are likely not vulnerable.<\/p>\n<p>&#8220;While the Spring4Shell vulnerability is serious and absolutely needs patching, our initial findings indicate it won&#8217;t be the next Log4Shell incident,&#8221; Murphy said. &#8220;That said, organizations should still follow standard best practices and make a plan to patch. The underlying issue is still present and could potentially be exploited in as-yet-undiscovered ways.&#8221;<\/p>\n<p>On Wednesday, several security researchers had confused the new exploit with information circulating around a second vulnerability that had been disclosed the prior day. The vulnerability, <a href=\"https:\/\/spring.io\/blog\/2022\/03\/29\/cve-report-published-for-spring-cloud-function\" target=\"_blank\" rel=\"noopener\">CVE-2022-22963<\/a>, affects the Spring Cloud Function library, but also had been assigned the wrong severity. The Spring development team upgraded that vulnerability&#8217;s severity to &#8220;Critical&#8221; on March 31.<\/p>\n<p>Read More <a href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/spring-fixes-zero-day-vulnerability-in-framework-spring-boot\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The exploit requires a specific nonstandard configuration to work, limiting the danger it poses, but future research could turn up more broadly usable attacks.Read More <a href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/spring-fixes-zero-day-vulnerability-in-framework-spring-boot\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-45984","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Spring Fixes Zero-Day Vulnerability in Framework and Spring Boot 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/spring-fixes-zero-day-vulnerability-in-framework-and-spring-boot\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Spring Fixes Zero-Day Vulnerability in Framework and Spring Boot 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/spring-fixes-zero-day-vulnerability-in-framework-and-spring-boot\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-03-31T22:24:24+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blta1d111cfde302652\/61c1fb38aadfda3b6f29f4b2\/Vulnerabilities_JVPhoto_Alamy-crop.png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/spring-fixes-zero-day-vulnerability-in-framework-and-spring-boot\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/spring-fixes-zero-day-vulnerability-in-framework-and-spring-boot\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Spring Fixes Zero-Day Vulnerability in Framework and Spring Boot\",\"datePublished\":\"2022-03-31T22:24:24+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/spring-fixes-zero-day-vulnerability-in-framework-and-spring-boot\\\/\"},\"wordCount\":747,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/spring-fixes-zero-day-vulnerability-in-framework-and-spring-boot\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blta1d111cfde302652\\\/61c1fb38aadfda3b6f29f4b2\\\/Vulnerabilities_JVPhoto_Alamy-crop.png\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/spring-fixes-zero-day-vulnerability-in-framework-and-spring-boot\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/spring-fixes-zero-day-vulnerability-in-framework-and-spring-boot\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/spring-fixes-zero-day-vulnerability-in-framework-and-spring-boot\\\/\",\"name\":\"Spring Fixes Zero-Day Vulnerability in Framework and Spring Boot 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/spring-fixes-zero-day-vulnerability-in-framework-and-spring-boot\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/spring-fixes-zero-day-vulnerability-in-framework-and-spring-boot\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blta1d111cfde302652\\\/61c1fb38aadfda3b6f29f4b2\\\/Vulnerabilities_JVPhoto_Alamy-crop.png\",\"datePublished\":\"2022-03-31T22:24:24+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/spring-fixes-zero-day-vulnerability-in-framework-and-spring-boot\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/spring-fixes-zero-day-vulnerability-in-framework-and-spring-boot\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/spring-fixes-zero-day-vulnerability-in-framework-and-spring-boot\\\/#primaryimage\",\"url\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blta1d111cfde302652\\\/61c1fb38aadfda3b6f29f4b2\\\/Vulnerabilities_JVPhoto_Alamy-crop.png\",\"contentUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blta1d111cfde302652\\\/61c1fb38aadfda3b6f29f4b2\\\/Vulnerabilities_JVPhoto_Alamy-crop.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/spring-fixes-zero-day-vulnerability-in-framework-and-spring-boot\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Spring Fixes Zero-Day Vulnerability in Framework and Spring Boot\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Spring Fixes Zero-Day Vulnerability in Framework and Spring Boot 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/spring-fixes-zero-day-vulnerability-in-framework-and-spring-boot\/","og_locale":"en_US","og_type":"article","og_title":"Spring Fixes Zero-Day Vulnerability in Framework and Spring Boot 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/spring-fixes-zero-day-vulnerability-in-framework-and-spring-boot\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-03-31T22:24:24+00:00","og_image":[{"url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blta1d111cfde302652\/61c1fb38aadfda3b6f29f4b2\/Vulnerabilities_JVPhoto_Alamy-crop.png","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/spring-fixes-zero-day-vulnerability-in-framework-and-spring-boot\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/spring-fixes-zero-day-vulnerability-in-framework-and-spring-boot\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Spring Fixes Zero-Day Vulnerability in Framework and Spring Boot","datePublished":"2022-03-31T22:24:24+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/spring-fixes-zero-day-vulnerability-in-framework-and-spring-boot\/"},"wordCount":747,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/spring-fixes-zero-day-vulnerability-in-framework-and-spring-boot\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blta1d111cfde302652\/61c1fb38aadfda3b6f29f4b2\/Vulnerabilities_JVPhoto_Alamy-crop.png","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/spring-fixes-zero-day-vulnerability-in-framework-and-spring-boot\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/spring-fixes-zero-day-vulnerability-in-framework-and-spring-boot\/","url":"https:\/\/www.threatshub.org\/blog\/spring-fixes-zero-day-vulnerability-in-framework-and-spring-boot\/","name":"Spring Fixes Zero-Day Vulnerability in Framework and Spring Boot 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/spring-fixes-zero-day-vulnerability-in-framework-and-spring-boot\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/spring-fixes-zero-day-vulnerability-in-framework-and-spring-boot\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blta1d111cfde302652\/61c1fb38aadfda3b6f29f4b2\/Vulnerabilities_JVPhoto_Alamy-crop.png","datePublished":"2022-03-31T22:24:24+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/spring-fixes-zero-day-vulnerability-in-framework-and-spring-boot\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/spring-fixes-zero-day-vulnerability-in-framework-and-spring-boot\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/spring-fixes-zero-day-vulnerability-in-framework-and-spring-boot\/#primaryimage","url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blta1d111cfde302652\/61c1fb38aadfda3b6f29f4b2\/Vulnerabilities_JVPhoto_Alamy-crop.png","contentUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blta1d111cfde302652\/61c1fb38aadfda3b6f29f4b2\/Vulnerabilities_JVPhoto_Alamy-crop.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/spring-fixes-zero-day-vulnerability-in-framework-and-spring-boot\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Spring Fixes Zero-Day Vulnerability in Framework and Spring Boot"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/45984","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=45984"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/45984\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=45984"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=45984"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=45984"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}