Skip to main content
ExLibris

Knowledge Assistant

BETA
Back
Rosetta

 

Ex Libris Knowledge Center
  1. Search site
    Go back to previous article
    2. Sign in
      • Sign in
      • Forgot password
  1. Home
  2. Rosetta
  3. Knowledge Articles
  4. Spring4Shell vulnerability in the Spring Framework

Spring4Shell vulnerability in the Spring Framework

  1. Last updated
  2. Save as PDF
  3. Share
    1. Share
    2. Tweet
    3. Share
  1. Question
  2. Answer
  • Product: Rosetta
  • Product Version: 7.2 

Question

Is Rosetta affected by Spring4Shell vulnerability in the Spring Framework?

Answer

CVE-2022-22965 – Rosetta is not vulnerable since it doesn’t use Spring MVC. 
The vulnerable jar can be removed from Rosetta version 7.2 and below application servers:

rm /exlibris/dps/d4_1/system.dir/thirdparty/tomcat/lib/spring-webmvc.jar

CVE-2022-22963 - Rosetta is not vulnerable since it doesn’t use the Spring Cloud Function. 

 

  • Article last edited: 05-APR-2022
View article in the Exlibris Knowledge Center
  1. Back to top
    • Source metadata identifiers in Rosetta version 6
    • SRU/SRW explain record gets no response
  • Was this article helpful?

Recommended articles

  1. Article type
    How-To
    Content Type
    Knowledge Article
    Language
    English
    Product
    Rosetta
  2. Tags
    1. Rosetta
    2. Security
  1. © Copyright 2024 Ex Libris Knowledge Center
  2. Powered by CXone Expert ®
  • Term of Use
  • Privacy Policy
  • Contact Us
2024 Ex Libris. All rights reserved