{"id":"CVE-2022-22965","details":"A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.","aliases":["GHSA-36p3-wjmg-h94x"],"modified":"2026-04-10T04:44:36.182708Z","published":"2022-04-01T23:15:13.870Z","references":[{"type":"WEB","url":"https://www.kb.cert.org/vuls/id/970766"},{"type":"WEB","url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22965"},{"type":"ADVISORY","url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005"},{"type":"ADVISORY","url":"https://tanzu.vmware.com/security/cve-2022-22965"},{"type":"ADVISORY","url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67"},{"type":"ADVISORY","url":"http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html"},{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"type":"FIX","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/spring-projects/spring-framework","events":[{"introduced":"0"},{"fixed":"cfa701b8726f06528e9d408b1b94f333f70da45f"},{"introduced":"5acffaa72da10ba42fe547eeea44d8615cbf99b9"},{"fixed":"707a24c48b21fc35e8be715afc80f020a24a9714"},{"introduced":"0"},{"last_affected":"30604ae861d378669a9719918f3068dadcc5aed5"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"5.2.20"},{"introduced":"5.3.0"},{"fixed":"5.3.18"},{"introduced":"0"},{"last_affected":"3.0"}]}}],"versions":["v3.0.0.RELEASE","v3.2.0.M1","v3.2.0.M2","v3.2.0.RC1","v3.2.0.RC2-A","v3.2.0.RELEASE","v4.0.0.M1","v4.0.0.M2","v4.0.0.M3","v4.0.0.RC1","v4.0.0.RC2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-22965.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"2.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"1.9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"22.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"1.9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"22.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"22.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"1.10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"22.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"1.15.0"}]},{"events":[{"introduced":"0"},{"last_affected":"22.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"1.15.0"}]},{"events":[{"introduced":"0"},{"last_affected":"22.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"1.15.0"}]},{"events":[{"introduced":"0"},{"last_affected":"22.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"1.7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"22.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"1.15.0"}]},{"events":[{"introduced":"0"},{"last_affected":"22.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.6.0.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.1.1"}]},{"events":[{"introduced":"0"},{"last_affected":"8.1.2.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.1.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.1.1.1"}]},{"events":[{"introduced":"0"},{"last_affected":"8.1.2.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.1.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.1.1.1"}]},{"events":[{"introduced":"0"},{"last_affected":"8.1.2.0"}]},{"events":[{"introduced":"0"},{"fixed":"8.0.29"}]},{"events":[{"introduced":"0"},{"last_affected":"3.6.1"}]},{"events":[{"introduced":"0"},{"last_affected":"20.0.1"}]},{"events":[{"introduced":"0"},{"last_affected":"21.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.1"}]},{"events":[{"introduced":"0"},{"fixed":"2.0.4"}]},{"events":[{"introduced":"0"},{"last_affected":"2.80"}]},{"events":[{"introduced":"0"},{"last_affected":"2.85"}]},{"events":[{"introduced":"0"},{"last_affected":"1.5"}]},{"events":[{"introduced":"0"},{"last_affected":"1.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.4.3"}]},{"events":[{"introduced":"0"},{"last_affected":"7.4.3.100"}]},{"events":[{"introduced":"0"},{"last_affected":"7.4.3.200"}]},{"events":[{"introduced":"0"},{"last_affected":"7.4.3"}]},{"events":[{"introduced":"0"},{"last_affected":"7.4.3.100"}]},{"events":[{"introduced":"0"},{"last_affected":"7.4.3.200"}]},{"events":[{"introduced":"0"},{"last_affected":"1.3"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.1"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.2"}]},{"events":[{"introduced":"0"},{"last_affected":"2.1"}]},{"events":[{"introduced":"0"},{"last_affected":"2.1"}]},{"events":[{"introduced":"0"},{"fixed":"2.0.4"}]},{"events":[{"introduced":"0"},{"fixed":"1.2.1"}]},{"events":[{"introduced":"0"},{"fixed":"1.0.3"}]},{"events":[{"introduced":"0"},{"last_affected":"2.80"}]},{"events":[{"introduced":"0"},{"last_affected":"2.85"}]},{"events":[{"introduced":"0"},{"last_affected":"1.5"}]},{"events":[{"introduced":"0"},{"last_affected":"1.6"}]},{"events":[{"introduced":"0"},{"last_affected":"11.3.2"}]},{"events":[{"introduced":"0"},{"last_affected":"22.1.3"}]},{"events":[{"introduced":"0"},{"last_affected":"7.4.1"}]},{"events":[{"introduced":"0"},{"last_affected":"7.4.2"}]},{"events":[{"introduced":"0"},{"last_affected":"7.5.0"}]},{"events":[{"introduced":"0"},{"last_affected":"16.0.3"}]},{"events":[{"introduced":"0"},{"last_affected":"17.0"}]},{"events":[{"introduced":"0"},{"last_affected":"18.0"}]},{"events":[{"introduced":"0"},{"last_affected":"19.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.1.3.2"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0.3.1"}]},{"events":[{"introduced":"0"},{"last_affected":"16.0.3"}]},{"events":[{"introduced":"0"},{"last_affected":"19.0.1"}]},{"events":[{"introduced":"0"},{"last_affected":"14.1.3.2"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0.3.1"}]},{"events":[{"introduced":"0"},{"last_affected":"16.0.3"}]},{"events":[{"introduced":"0"},{"last_affected":"19.0.1"}]},{"events":[{"introduced":"0"},{"last_affected":"16.0.3"}]},{"events":[{"introduced":"0"},{"last_affected":"19.0.1"}]},{"events":[{"introduced":"0"},{"last_affected":"12.2.1.3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.2.1.4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.1.1.0.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}