Did the Spring4Shell exploit vulnerability affect "Spring Tools 4 for Eclipse"?


I cannot find whether the Spring4Shell exploit vulnerability affects "Spring Tools 4 for Eclipse 4.14.0". Would you mind advising whether it is affected or not?

Best answer

The Spring Tools 4 are not vulnerable to CVE-2022-22965 since there is nothing from the tools that runs as a packaged WAR on a Tomcat server.

The only piece that uses Spring internally is the Spring Boot Language Server component that comes as part of Spring Tools 4, but this language server doesn't run as a packaged WAR file either, does not even use Spring WebMVC or WebFlux, and does not expose an outside API via some form of data binding.
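
A triage sketch for the structural preconditions named in the answer above (WAR packaging, Spring WebMVC or WebFlux on the classpath), added here as an example and not part of the original answer or of any Spring tooling. The function names, the `WEB-INF/lib` jar-name pattern and the sample archives are assumptions constructed for illustration; whether an application exposes data binding cannot be read from a file listing, so a match is flagged for review rather than reported as vulnerable.

```python
import io
import re
import zipfile

# Jar names for the two web frameworks the answer mentions (assumed naming).
WEB_JAR = re.compile(r"(?:^|/)(spring-webmvc|spring-webflux)-[^/]*\.jar$")


def triage(archive, name="artifact"):
    """Report which of the answer's preconditions an archive meets.

    `archive` is a path or a binary file object holding a JAR/WAR (zip).
    """
    with zipfile.ZipFile(archive) as zf:
        entries = zf.namelist()
    # A WAR is recognised by its WEB-INF/ directory.
    is_war = any(e.startswith("WEB-INF/") for e in entries)
    web_jars = sorted(
        m.group(1) for e in entries if (m := WEB_JAR.search(e))
    )
    # Both structural conditions met: hand over for manual review of
    # data-binding endpoints and the deployment target.
    needs_review = is_war and bool(web_jars)
    return {"name": name, "war_layout": is_war,
            "web_frameworks": web_jars, "needs_review": needs_review}


def build_sample(entries):
    """Build a constructed in-memory archive containing empty entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for e in entries:
            zf.writestr(e, b"")
    buf.seek(0)
    return buf


# Constructed samples (hypothetical file names, not taken from real products).
SAMPLE_WAR = ["WEB-INF/web.xml", "WEB-INF/lib/spring-webmvc-0.0.0.jar",
              "WEB-INF/lib/spring-core-0.0.0.jar"]
SAMPLE_TOOL = ["META-INF/MANIFEST.MF", "lib/spring-core-0.0.0.jar"]

if __name__ == "__main__":
    print(triage(build_sample(SAMPLE_WAR), "sample.war"))
    print(triage(build_sample(SAMPLE_TOOL), "sample-tool.jar"))
```
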