SpringShell/Spring4Shell: RCE via data binding in Spring Framework — affects all apps on Spring MVC/WebFlux with JDK 9+. Exploited by Mirai botnets within hours of disclosure. Update Spring Framework to 5.3.18/5.2.20+. Verify JDK versions.
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The vulnerability is known as SpringShell.
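The upgrade and JDK check above, written as a triage script over a jar inventory; this is an added example, not code from the advisory or the Spring project. The jar naming pattern, the sample inventory, and treating release lines older than 5.2 as unpatched are assumptions.

```python
import re

# Fixed releases named in the advisory above, keyed by (major, minor) line.
FIXED = {(5, 3): 18, (5, 2): 20}

# Assumption: jars follow the usual <module>-<version>[.suffix].jar naming.
JAR_RE = re.compile(r"(spring-(?:beans|webmvc|webflux))-(\d+)\.(\d+)\.(\d+)[^/]*\.jar$")


def jdk_major(version: str) -> int:
    """Map a java.version string to its feature release (1.8.0_312 -> 8, 17.0.2 -> 17)."""
    parts = re.split(r"[._+-]", version.strip())
    major = int(parts[0])
    if major == 1 and len(parts) > 1:  # legacy "1.x" scheme used up to JDK 8
        return int(parts[1])
    return major


def spring_patched(major: int, minor: int, patch: int) -> bool:
    """True if the version is at or above the fixed release for its line."""
    if (major, minor) in FIXED:
        return patch >= FIXED[(major, minor)]
    # Assumption: lines older than 5.2 list no fix (flag them); newer lines postdate it.
    return (major, minor) > (5, 3)


def triage(jar_paths, java_version):
    """Return jar paths that are below the fixed release AND run on JDK 9+."""
    if jdk_major(java_version) < 9:
        return []
    findings = []
    for path in jar_paths:
        m = JAR_RE.search(path)
        if m and not spring_patched(*map(int, m.group(2, 3, 4))):
            findings.append(path)
    return findings


# Constructed sample inventory (not taken from any real host).
SAMPLE_JARS = [
    "app/WEB-INF/lib/spring-webmvc-5.3.17.jar",
    "app/WEB-INF/lib/spring-beans-5.3.18.jar",
    "svc/lib/spring-webflux-5.2.19.RELEASE.jar",
    "old/lib/spring-webmvc-4.3.30.RELEASE.jar",
    "old/lib/jackson-databind-2.13.2.jar",
]

if __name__ == "__main__":
    print(triage(SAMPLE_JARS, "11.0.14"))
```

A jar flagged here still needs confirmation against the running process, since the JDK that launches the application may differ from the one on the build host.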