Spring Core RCE (CVE-2022-22965) - A Deep Understanding
8 min read · Apr 2, 2022
In this post, I explain CVE-2022-22965 in detail, covering the background needed for a deep, comprehensive understanding of the vulnerability.
We aim to answer the following questions:
- What is CVE-2022-22965 (and how is it linked to CVE-2010-1622)?
- Why does it affect only JDK9+?
- Why does it affect only Spring default binding?
- Why does it affect only Spring applications deployed on Tomcat using WAR packaging?