Details

Alert Id: 40045
Alert Type: Active
Status: alpha
Risk: High
CWE: 78
WASC: 20
Tags: OWASP_2017_A01, OWASP_2017_A09, OWASP_2021_A03, OWASP_2021_A06, WSTG-V42-INPV-12

Summary

The application appears to be vulnerable to CVE-2022-22965 (also known as Spring4Shell), a remote code execution (RCE) vulnerability reached via Spring Framework data binding.

Solution

Upgrade Spring Framework to versions 5.3.18, 5.2.20, or newer.

Code

org/zaproxy/zap/extension/ascanrulesAlpha/Spring4ShellScanRule.java