Java Spring Framework 0-Day RCE Bug
Abstract
There is a critical security vulnerability (CVE-2022-22965) in the Java Spring Framework used in PoolParty 8.1.5 and earlier versions.
PoolParty 8.1.6 – As suggested by the vendor, PoolParty 8.1.6 comes with Apache Tomcat 9.0.62. In Tomcat 9.0.62, a specific class implementation was refactored in a way that provides adequate protection against exploitation of this CVE. You can get PoolParty 8.1.6 from our download area.
As the final remediation of the issue, we will upgrade the Java Spring Framework with the next major release of PoolParty.