Quantcast
ESOUI - View Single Post - Java Vulnerability
View Single Post
04/01/22, 08:44 AM   #5
Dolby
Every day I'm shuffling
 
Dolby's Avatar
Premium Member
WoWInterface Admin
Join Date: Feb 2004
Posts: 1,242
Nope, but you can see the dependencies yourself if you press the (i) icon in the upper right of Minion

Originally Posted by UusSanct View Post
Does anyone know if Minion uses Java Spring?
A set of high-profile vulnerabilities have been identified affecting the popular Java Spring Framework and related software components - generally being referred to as Spring4Shell.

Four CVEs have been released so far and are being actively updated as new information emerges. These vulnerabilities can result, in the worst case, in full remote code execution (RCE) compromise:

CVE-2022-22947 - [official VMware post]
CVE-2022-22950 - [official VMware post]
CVE-2022-22963 - [official Spring project post]
CVE-2022-22965 - [official Spring project post]

Customers using Java Spring and related software components, such as the Spring Cloud Gateway, should immediately review their software and update to the latest versions by following the official Spring project guidance.
  Reply With Quote