Bernd

Just say: By the power of Grayskull, and you will have all the answers ;)

Donnel

You might get a few answers on forums, but if you need help to put it all together consider hiring someone. Freelancer.com is one resource. Besides aunty Google.

On Sat, Apr 9, 2022, 07:53 Bernd Eckenfels <e...@zusammenkunft.net> wrote:

> Hello Donnel,
>
> We need you to do your own research, the Apache Open Source Project Maven is not “your vendor” and also not related to Spring. How should “we” know what and how you are using it?
>
> Regards
> Bernd
> --
> http://bernd.eckenfels.net
> ________________________________
> From: DONNELL M GARRETT <donnell.garr...@bcbssc.com>
> Sent: Friday, April 8, 2022 9:25 PM
> To: users@maven.apache.org <users@maven.apache.org>
> Subject: CVE-2022-22963 and CVE-2022-22965
>
> On March 31, 2022 a pair of significant vulnerabilities were identified in the Java Spring Framework which would allow an attacker to execute malicious code.
>
> * CVE-2022-22963 - https://tanzu.vmware.com/security/cve-2022-22963
> * CVE-2022-22965 - https://tanzu.vmware.com/security/cve-2022-22965
>
> It is critical for all of our vendors to determine if their software is impacted so that remediation steps can be taken. We need your company to respond to the following questions immediately:
>
> * Is your product impacted by CVE-2022-22963 or CVE-2022-22965?
> * Is your product built on Java?
> * Does your product depend on the Spring Cloud Function project? If so, what version?
> * Does your product depend on Spring Framework? If so, what version?
> * Does the product require JDK 9 or higher?
> * Does the product have a dependency on spring-webmvc?
> * Does the product have a dependency on spring-webflux?