
On March 31st, 2022, a zero-day vulnerability found in the popular Java Web application development framework Spring put numerous Web applications at risk of a remote attack. The flaw, dubbed Spring4Shell and SpringShell, has caused a great deal of confusion over the past 24 hours as the security community tries to determine if the issue is in fact new, or related to older vulnerabilities.

As of March 31st, 2022, Spring has confirmed the zero-day vulnerability and has released Spring Framework versions to address it. The vulnerability impacts Spring MVC and Spring WebFlux applications running on JDK 9+.

In this brief Bugcrowd Security Flash video, Casey Ellis (Founder, Chairman, and CTO of Bugcrowd) and Adam Foster (Application Security Engineer at Bugcrowd) help clear up the confusion and answer questions such as:

  • What happened?
  • What are the vulnerabilities?
  • How serious is the flaw and how is it exploited?
  • What should you do to stay secure?
  • How can Bugcrowd help?