We are aware of the recently published vulnerabilities in OpenSSL v3.0.0 - 3.0.6 (CVE-2022-3602 & CVE-2022-3786). OpenSSL 1.1.1 and 1.0.2 are not affected by this issue. These vulnerabilities are only realized in certain circumstances where an attacker can control the...
We are aware of the recently reported denial of service (DoS) vulnerability in Spring Framework, reported as CVE-2022-22950. This vulnerability is only realized in cases where the Spring Expression Language (SpEL) is in use (see both the announcement from spring.io and...
We are aware of the recently reported remote code execution (RCE) vulnerability in Spring Framework, reported as CVE-2022-22965. The current state of analysis is that while this is potentially a serious vulnerability, it is only exploitable in certain conditions, notably JDK 9 or...