CVE-2022-22965 Spring4Shell: Spring Framework Zero-Day Security Vulnerability In 10 Minutes

  Views: 7,879

DevXplaining

2 years ago

Time for an urgent security bulletin: there's a new nasty out there that will enable attackers to get remote shell execution on your servers - under specific conditions. In this 10-minute video, I'll explain what the Spring4Shell vulnerability (CVE-2022-22965) is, what the attacks look like and how they work, what the potential consequences are, and what mitigations are available right now.
Watch this NOW to get started. A lot of software is affected, and a lot of attacks are happening right at this moment. This is not - right now - as common as log4shell, but shares many similarities.
As always, show the love by clicking those buttons, leaving comments, and sharing this video with those who should see it. Got something to add to this video? Feel free to use the comments section!
I don't share the exploits (have to Google them :) - but here are some other links mentioned:
- cve.mitre.org/cgi-bin/cvename...
- www.springcloud.io/post/2022-...
- spring.io/blog/2022/03/31/spr...
Note: Breaking news:
[11:59 BST] Spring Framework versions 5.3.18 and 5.2.20, which address the vulnerability, are now available. The release process for Spring Boot is in progress

Comments: 20
@jaffrayw 2 years ago
I appreciate the effort you have put into explaining this so clearly. Kudos
@DevXplaining 2 years ago
Thanks for the feedback, much appreciated! I notice these videos get attention. But I only do these on the most severe vulns, and try to keep these short so people find the time to watch these. I did this 5 times to get it compact enough :)
@harshildoshi6903 2 years ago
Thanks !! Great Help in keeping the community informed and safe : )
@DevXplaining 2 years ago
Thank you! Comments like this keep me going! :)
@gvrkrishna4857 2 years ago
Very informative video, useful for security folks who don’t know much about dev.
@DevXplaining 2 years ago
Thank you! Everything from dev viewpoint on this channel :) Happy you find it useful!
@harshadarahate3625 2 years ago
Thanks for the efforts taken to educate. Highly appreciated 👍
@DevXplaining 2 years ago
Thank you! Much appreciated!
@cyozdemir113 2 years ago
That was a really good explanation my friend, thanks. And I like the way you explain it.
@DevXplaining 2 years ago
Thank you! Much appreciated!
@vishekkumar3184 2 years ago
Nice explanation!!! thanks for the efforts :)
@DevXplaining 2 years ago
Hi, thank you for your comment!
@TheSlikstik 2 years ago
Nice info thnx!
@DevXplaining 2 years ago
Thank you! Appreciated!
@SantoshKumar-bm2iz 2 years ago
can you provide us this github link pls
@DevXplaining 2 years ago
Here you go! github.com/BobTheShoplifter/Spring4Shell-POC
@xz7665 2 years ago
TALK FAST! TALK FAST BRO!!
@DevXplaining 2 years ago
Hahaha :)
@BobTheShoplifter 2 years ago
Thank you for displaying my repo!
@DevXplaining 2 years ago
Cool, thank you for making it! :)