On March 30th, a new vulnerability was reported in Spring Beans, currently being dubbed “Spring4Shell”, with experts believing it could be as impactful as 2021’s Log4j.
Spring4Shell is a zero-day vulnerability within the application development framework, likely putting numerous web applications at risk of being exploited. The scope of the attack is unknown, broad and still evolving.
So, what do we know about Spring4Shell?
https://www.onetrust.com/blog/spring4shell/