Investigate vulnerability: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in org.springframework.boot/spring-boot-starter-web
Description:
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in org.springframework.boot:spring-boot-starter-web.
- Severity: critical
- Confidence: unknown
- Location: build.gradle
Solution:
Upgrade to version 2.5.12 or 2.6.6, or a later release.
Identifiers:
Links:
- https://github.com/advisories/GHSA-36p3-wjmg-h94x
- https://github.com/spring-projects/spring-boot/releases/tag/v2.5.12
- https://github.com/spring-projects/spring-boot/releases/tag/v2.6.6
- https://github.com/spring-projects/spring-framework/commit/002546b3e4b8d791ea6acccb81eb3168f51abb15
- https://github.com/spring-projects/spring-framework/releases/tag/v5.2.20.RELEASE
- https://github.com/spring-projects/spring-framework/releases/tag/v5.3.18
- https://nvd.nist.gov/vuln/detail/CVE-2022-22965
- https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
- https://tanzu.vmware.com/security/cve-2022-22965
Scanner:
- Name: Gemnasium
- Type: dependency_scanning
- Status: success
- Start Time: 2022-05-09T11:52:33
- End Time: 2022-05-09T11:53:17