Following Spring Cloud, on March 29, another heavyweight vulnerability of Spring broke out on the Internet: Spring Core RCE
The exploit has been uploaded as exp.py
Patch Links in Spring Production
- jdk version 9 and above
- using Spring Framework or derivative frameworks
At present, Spring has not officially released a patch and as a result, it is recommended to lower your jdk version as a temporary solution.