Old Release

This documentation relates to an old version of VIVO, version 1.13.x.

The CVE-2022-22965 vulnerability

On March 30th, 2022, a 0-day exploit was discovered in the popular Java framework Spring that results in Remote Code Execution (RCE) via data binding.

More about this vulnerability can be found at https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement

What is affected

The VIVO core source is not a Spring framework-based application, but there is a dependency on spring-beans and spring-context in [VIVO]/api/pom.xml.
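
One way to check which Spring artifacts and versions a POM such as [VIVO]/api/pom.xml declares. This is an added example, not VIVO project code: the sample POM and its version numbers are constructed, and the minimum fixed version is an assumption the caller supplies from the Spring announcement linked above.

```python
import re
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed sample POM for illustration; NOT the contents of VIVO's api/pom.xml.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><spring.version>1.2.3</spring.version></properties>
  <dependencies>
    <dependency><groupId>org.springframework</groupId>
      <artifactId>spring-beans</artifactId><version>${spring.version}</version></dependency>
    <dependency><groupId>org.springframework</groupId>
      <artifactId>spring-context</artifactId><version>9.9.9</version></dependency>
    <dependency><groupId>org.example</groupId>
      <artifactId>unrelated-lib</artifactId><version>0.1</version></dependency>
  </dependencies>
</project>"""


def spring_dependencies(pom_xml):
    """Return {artifactId: version or None} for org.springframework dependencies."""
    root = ET.fromstring(pom_xml)
    # Collect <properties> so ${name} placeholders can be resolved.
    props = {p.tag.split("}")[-1]: (p.text or "").strip()
             for p in root.findall("m:properties/*", NS)}
    found = {}
    for dep in root.iterfind(".//m:dependency", NS):
        if dep.findtext("m:groupId", "", NS).strip() != "org.springframework":
            continue
        version = dep.findtext("m:version", None, NS)
        if version is not None:
            # Resolve placeholders defined in this POM; unknown ones stay as-is.
            version = re.sub(r"\$\{([^}]+)\}",
                             lambda m: props.get(m.group(1), m.group(0)),
                             version.strip())
        found[dep.findtext("m:artifactId", "", NS).strip()] = version
    return found


def needs_upgrade(version, minimum):
    """True if the version is missing, unresolved, or numerically below minimum."""
    if version is None or "${" in version:
        return True  # inherited from a parent POM or unresolved: check manually
    def key(v):
        return [int(x) for x in re.findall(r"\d+", v)]
    return key(version) < key(minimum)
```

A dependency whose version is inherited from a parent POM comes back as None; Maven's dependency:tree goal shows the version that is actually resolved.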

Mitigation

