Spring Core RCE (CVE-2022-22965) - A Deep Understanding

Kondah Mouad
Published in Geek Culture
Apr 2, 2022 (8 min read)


In this post, I give a detailed explanation of CVE-2022-22965: the background needed to follow it and a thorough account of why the vulnerability exists and under which conditions it is exploitable.

We aim to answer the following questions:

  • What is CVE-2022-22965, and how is it linked to CVE-2010-1622?
  • Why does it affect only JDK 9+?
  • Why does it affect only Spring's default data binding?
  • Why does it affect only Spring applications deployed on Tomcat as a WAR?
