Best of 2022: Update on 0-day vulnerabilities in Spring (Spring4Shell and CVE-2022-22963)

API security
Quick update: There are two vulnerabilities: one 0-day in Spring Core, named Spring4Shell (very severe, exploited in the wild, no CVE yet), and another in Spring Cloud Function (less severe, CVE-2022-22963). Wallarm has rolled out the update to detect and mitigate both vulnerabilities. No additional actions are ...

Update on Spring Data MongoDB SpEL Expression Injection Vulnerability (CVE-2022-22980)

API security
Background: On June 20, 2022, Spring released Spring Data MongoDB 3.4.1 and 3.3.5 to address a critical CVE report: CVE-2022-22980, a Spring Data MongoDB SpEL expression injection vulnerability through annotated repository query methods. This vulnerability was originally reported on June 13, 2022. The Wallarm SOC team already sees its exploitation in the wild ...

5 things you must know about Log4Shell

API security
This is the largest vulnerability we have seen in years. You may still be vulnerable even if your project is not based on Java. Many tech stacks are vulnerable because so many tools use Log4j, including infrastructure, dev tools, and CI/CD products. Log4Shell will be here for a while. Log4j ...

Wallarm starts to highlight CVE to address OWASP Top-10 A6 Vulnerable and Outdated Components

Attacks against known vulnerabilities are one of the most common security risks. Have you seen the updated OWASP Top-10? The risk that used to be A09 Using Components with Known Vulnerabilities is now titled A06:2021 Vulnerable and Outdated Components. This category moved up from #9 in 2017 to #6. We highlighted ...