Spring4Shell vulnerability in the Spring Framework
- Product: Rosetta
- Product Version: 7.2
Is Rosetta affected by Spring4Shell vulnerability in the Spring Framework?
CVE-2022-22965 – Rosetta is not vulnerable since it doesn’t use Spring MVC.
The vulnerable jar can be removed from Rosetta version 7.2 and below application servers:
CVE-2022-22963 - Rosetta is not vulnerable since it doesn’t use the Spring Cloud Function.
- Article last edited: 05-APR-2022