Protect your Spring-based applications from this critical RCE vulnerability (CVE-2022-22965)
Spring MVC and Spring WebFlux are Java frameworks used to build web applications. They follow the Model-View-Controller design pattern and implement all the basic features of the core Spring Framework, such as Inversion of Control and Dependency Injection. When an application built on these frameworks is deployed to Apache Tomcat, the WebAppClassLoader class is accessible, which allows an attacker to call getters and setters to ultimately write a malicious JSP file to disk, and to invoke any server endpoint with a malicious payload so that the malicious JSP code executes on the vulnerable server. The vulnerability can be exploited to allow unauthorized remote code execution on the affected servers.
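
The following is an added example, not code from the original page or from the Spring project: a log check that flags request parameter names which data binding would resolve through an object's `class` property, the route to the class loader described above. The patterns are the field-name patterns from Spring's published `setDisallowedFields` workaround for this CVE (not listed on this page); the function names and log lines are constructed for illustration.

```python
import fnmatch
import re
from urllib.parse import parse_qsl, urlsplit

# Field-name patterns from Spring's published data-binder workaround
# (assumption: taken from the vendor advisory, not from this page).
DISALLOWED = ("class.*", "Class.*", "*.class.*", "*.Class.*")

# Request line inside a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def flagged_names(encoded_params):
    """Return parameter names that match a disallowed binding pattern.

    parse_qsl percent-decodes names first, so an encoded dot (%2E) is
    normalized before matching. Matching is case-sensitive on purpose.
    """
    names = [n for n, _ in parse_qsl(encoded_params, keep_blank_values=True)]
    return [n for n in names
            if any(fnmatch.fnmatchcase(n, p) for p in DISALLOWED)]


def scan_access_log(lines):
    """Return (line number, method, flagged names) for each suspicious entry."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a parsable request line
        hits = flagged_names(urlsplit(m.group("target")).query)
        if hits:
            findings.append((lineno, m.group("method"), hits))
    return findings


# Constructed sample log lines (documentation IP ranges, harmless names).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Apr/2022:10:00:01 +0000] "GET /greeting?name=alice&lang=en HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Apr/2022:10:00:05 +0000] "GET /greeting?class.foo=bar HTTP/1.1" 400 0',
    '203.0.113.9 - - [01/Apr/2022:10:00:06 +0000] "GET /greeting?owner.Class%2Efoo=1&name=x HTTP/1.1" 400 0',
    '198.51.100.4 - - [01/Apr/2022:10:00:09 +0000] "GET /classes?classroom=12 HTTP/1.1" 200 88',
]

if __name__ == "__main__":
    for lineno, method, names in scan_access_log(SAMPLE_LOG):
        print(f"line {lineno}: {method} request binds via {names}")
```

Access logs normally record only the query string, so `flagged_names` should also be run over form-encoded request bodies captured at a proxy or WAF.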