Description

Spring Framework is vulnerable to a ClassLoader manipulation vulnerability that can be escalated to remote code execution on systems running JDK 9 or later. Spring MVC and Spring WebFlux web applications may be vulnerable. Applications deployed as a Spring Boot executable jar are not vulnerable to the public exploit.

Remediation

Users of affected versions should apply the following mitigation: 5.3.x users should upgrade to 5.3.18 or later, and 5.2.x users should upgrade to 5.2.20 or later.
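As an added check (not part of this advisory), the following Python compares Spring Framework versions against the fixed releases named above, so a build's dependency list can be triaged quickly. It assumes dependency lines in the `groupId:artifactId:type:version:scope` form that `mvn dependency:list` prints; the sample lines are constructed.

```python
import re
from typing import Dict, List, Optional, Tuple

# Fixed versions named in the remediation above, keyed by release line.
FIXED_VERSIONS = {(5, 3): (5, 3, 18), (5, 2): (5, 2, 20)}

# Accepts "5.3.18", "5.2.20.RELEASE" and "5.3.18-SNAPSHOT" style strings.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.\-]([A-Za-z0-9.\-]+))?$")
# groupId:artifactId:type:version:scope, restricted to the org.springframework group.
_COORD_RE = re.compile(r"(org\.springframework):([\w\-]+):\w+:([\w.\-]+):\w+")


def parse_version(version: str) -> Tuple[int, int, int, Optional[str]]:
    """Split a version string into (major, minor, patch, qualifier)."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch, qualifier = m.groups()
    return int(major), int(minor), int(patch), qualifier


def assess(version: str) -> str:
    """Return 'fixed', 'affected' or 'unsupported-line' for one version."""
    major, minor, patch, qualifier = parse_version(version)
    fixed = FIXED_VERSIONS.get((major, minor))
    if fixed is None:
        # The advisory lists no fixed release for this line; flag it for review.
        return "unsupported-line"
    if (major, minor, patch) < fixed:
        return "affected"
    if (major, minor, patch) == fixed and qualifier and qualifier.upper() != "RELEASE":
        # A pre-release build of the fix version (SNAPSHOT, RC, ...) is
        # conservatively reported as affected.
        return "affected"
    return "fixed"


def scan_dependency_list(lines: List[str]) -> Dict[str, str]:
    """Map each org.springframework artifact:version found to its status."""
    results: Dict[str, str] = {}
    for line in lines:
        m = _COORD_RE.search(line)
        if m:
            _, artifact, version = m.groups()
            results[f"{artifact}:{version}"] = assess(version)
    return results


# Constructed sample in the shape `mvn dependency:list` prints.
SAMPLE_LINES = [
    "[INFO]    org.springframework:spring-webmvc:jar:5.3.17:compile",
    "[INFO]    org.springframework:spring-core:jar:5.3.17:compile",
    "[INFO]    org.springframework.boot:spring-boot:jar:2.6.5:compile",
]

if __name__ == "__main__":
    for coord, status in scan_dependency_list(SAMPLE_LINES).items():
        print(f"{coord}: {status}")
```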
