Two zero-day exploits (CVE-2022-22963 and CVE-2022-22965) in the popular Spring Core Java library have been discovered.
These are critical vulnerabilities, allowing attackers to perform remote code execution (RCE).
Reblaze already protects against most of the malicious requests that could exploit these vulnerabilities. Additionally, our security engineers have created more precise signatures for these CVEs. These are being added to our core platform.
Note to Reblaze Customers
If you know your application uses the Spring Core library referenced above, please contact our support team at support@reblaze.com. Our engineers will be happy to assist you with implementing the new signatures, as well as advising you on upgrading the core VMware libraries that contain the vulnerabilities.