CVE-2022-22965: Spring4Shell

CRITICAL
9.8CRITICAL
Published: 2022-03-31Affected: Spring Framework 5.3.x < 5.3.18 / 5.2.x < 5.2.20CWE-94

What is Spring4Shell?

Remote code execution via data binding in Spring MVC and Spring WebFlux when running on JDK 9+. Attackers can modify the ClassLoader through crafted HTTP parameters to achieve arbitrary file writes and shell execution.

Impact & Exploitation

Affected the most popular Java web framework. Exploits were available within 24 hours of disclosure. Government agencies issued emergency directives for patching.

How Precogs AI Detects Spring4Shell

Precogs AI detects vulnerable Spring Framework versions in compiled Java applications, Docker images, and Kubernetes deployments — even when Spring is transitively included through other dependencies.

Scan for CVE-2022-22965

Related Resources

🔍 Related CWE Entries

📋 OWASP Top 10

📖 Security Guides

🛡️ Notable Vulnerabilities

🔗 External References

Precogs Logo

Precogs Research

This vulnerability intelligence report was analyzed and enriched by the Precogs AI Security Team. Our researchers continuously monitor emerging threats across AI code, LLM pipelines, and binary architectures to ensure accurate real-time remediation guidance.

Base Score

CVSS9.8
SeverityCRITICAL
CWECWE-94
Published2022-03-31

Tags

javaspringrceweb

Quick Links

Is your system affected?

Precogs AI detects Spring4Shell in compiled binaries and firmware — even without source code.

Request Deep Analysis