CSOonline

Remote code execution flaws in Spring and Spring Cloud frameworks put Java apps at risk

A remote code execution vulnerability in Spring Framework has sparked fears that it could have a widespread impact across enterprise environments. Spring is one of the most popular open-source ...
Bleeping Computer

New Spring Java framework zero-day allows remote code execution

A new zero-day vulnerability in the Spring Core Java framework called 'Spring4Shell' has been publicly disclosed, allowing unauthenticated remote code execution on applications. Spring is a very ...
ZDNet

Java unserialize remote code execution hole hits Commons Collections, JBoss, WebSphere, WebLogic

Researchers from Foxglove Security have reportedly discovered a remote code execution hole in the widely used Apache Commons library, thanks to the insecure method in which Java unserializes objects, ...