Bug 1197879 - (CVE-2022-22965) VUL-0: CVE-2022-22965: spring framework rce
VUL-0: CVE-2022-22965: spring framework rce
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
Depends on:
  Show dependency treegraph
Reported: 2022-03-31 13:58 UTC by Marcus Meissner
Modified: 2022-04-04 09:27 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2022-03-31 13:58:01 UTC
Here are official announcements regarding the Spring Framework RCE:                                                                                                                          
- https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement                                                                                                                  
- https://tanzu.vmware.com/security/cve-2022-22965
Comment 1 Marcus Meissner 2022-03-31 14:00:44 UTC
see also bug 1197879
Comment 2 Marcus Meissner 2022-03-31 14:51:26 UTC
We are currently investigating if SUSE / openSUSE contains spring core, but we have so far not found anything.
Comment 3 Marcus Meissner 2022-04-04 09:27:14 UTC
SUSE does not include the Spring framework in its products.