Indeni’s response to Spring4Shell
On March 29th, 2022, a remote code execution vulnerability in Spring Cloud Foundation was published. The vulnerability is known as Spring4Shell, tracked as CVE-2022-22965. Researchers believe that the vulnerability affects Spring Core on JDK (Java Development Kit) 9 and above. Today, the vulnerability was upgraded to critical.
Our engineering team was immediately engaged and confirmed that Indeni is not vulnerable to this issue. The Indeni product does not use JDK 9, nor springframework. If you have additional questions related to Spring4Shell, please do not hesitate to contact us.