Ex Libris Knowledge Center

Spring4Shell vulnerability in the Spring Framework

  • Product: Rosetta
  • Product Version: 7.2 

Question

Is Rosetta affected by the Spring4Shell vulnerability in the Spring Framework?

Answer

CVE-2022-22965 - Rosetta is not vulnerable since it doesn't use Spring MVC.
The vulnerable jar can be removed from the application servers of Rosetta version 7.2 and below:

rm /exlibris/dps/d4_1/system.dir/thirdparty/tomcat/lib/spring-webmvc.jar

CVE-2022-22963 - Rosetta is not vulnerable since it doesn't use Spring Cloud Function.

 


  • Article last edited: 05-APR-2022