Spring4Shell π
A new zero-day vulnerability in the Spring Core Java framework called βSpring4Shellβ has been publicly disclosed, allowing unauthenticated remote code execution on applications.
Spring is a very popular application framework that allows software developers to quickly and easily develop Java applications with enterprise-level features. These applications can then be deployed on servers, such as Apache Tomcat, as stand-alone packages with all the required dependencies.
Today, an exploit for this zero-day vulnerability was briefly leaked and then removed but not before cybersecurity researchers could download the code.