Security Advisory: Spring Framework Vulnerability (CVE-2022-22965)
Last Updated: 04 Apr 2022
Peer Software has been monitoring the news around the recently discovered remote code execution vulnerability that involves the Spring Framework (CVE-2022-22965). As this vulnerability is new, we will continue to review and post updates to this advisory as necessary.
Based on the information currently available, this vulnerability does not affect any of our products. More details can be found below.
Product/Tool | Version(s) | Status | Description |
---|---|---|---|
Peer Global File Service | All | Not impacted | PeerGFS uses Spring Boot (which uses Spring Framework) in a few places, but does not use any packaged WAR files. |
PeerLink | All | Not impacted | PeerLink does not use Spring Framework. |
PeerSync | All | Not impacted | PeerSync does not use Spring Framework. |
PeerLock | All | Not impacted | PeerLock does not use Spring Framework. |
File System Analyzer | All | Not impacted | File System Analyzer does not use Spring Framework. |
File Activity Analyzer | All | Not impacted | File Activity Analyzer does not use Spring Framework. |
Health Checker | All | Not impacted | Health Checker does not use Spring Framework. |
Some additional notes on this and related vulnerabilities:
- A vulnerability has also been reported in a related library, Spring Cloud Function (CVE-2022-22963). No Peer Software products or tools use this library, so none are impacted.
- Spring Framework RCE, Early Announcement
- CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+ | Security | VMware Tanzu
If you have additional questions, please contact our support team via Peer Service Desk.