
Spring4Shell: No need to panic, but mitigations are advised

March 31, 2022

Security teams around the world got another shock on Thursday when news of the disclosure of a PoC for an unauthenticated RCE zero-day vulnerability in Spring Core, a massively popular framework for building modern Java-based enterprise applications, began circulating online.

Thanks to many security researchers, the situation is a bit clearer today and there’s no need to panic just yet: Unlike Log4Shell, this new flaw – with no official CVE and currently nicknamed Spring4Shell – seems to only be exploitable in certain configurations.

Read More on Help Net Security