Safeguard
Tag

spring-framework

Safeguard articles tagged "spring-framework" — guides, analysis, and best practices for software supply chain and application security.

8 articles

Security Guides

Spring Framework Security Guide (2026)

Spring Framework is the backbone of enterprise Java — and the source of Spring4Shell plus a steady stream of path-traversal and SSRF CVEs. Here is how to run it safely in 2026.

Jul 6, 20266 min read
Vulnerability Analysis

Spring4Shell (CVE-2022-22965) Explained: RCE Through Spring Data Binding

CVE-2022-22965, Spring4Shell, let attackers write a JSP web shell to Spring MVC apps on JDK 9+ by abusing data binding. Here is the ClassLoader trick and the exact conditions required.

Jul 2, 20265 min read
Vulnerability Analysis

Spring4Shell Retrospective: What CVE-2022-22965 Actually Cost the Industry

Spring4Shell was hyped as the next Log4Shell and turned out to be neither as broad nor as harmless as the early coverage suggested. A 2026 look back at the real numbers.

Jan 22, 20265 min read
Vulnerability Analysis

Spring4Shell (CVE-2022-22965): root cause and remote code...

Spring4Shell (CVE-2022-22965) let attackers manipulate Java class loaders via Spring data binding to achieve RCE on Tomcat-deployed apps. Root cause, timeline, and fixes.

Jan 22, 20269 min read
Vulnerability Analysis

Spring4Shell RCE in Spring Framework (CVE-2022-22965)

A deep dive into CVE-2022-22965 (Spring4Shell): the critical Spring Framework RCE, its exploitation chain, timeline, and how to remediate it fast.

Jan 18, 20267 min read
Vulnerability Analysis

CVE-2016-1000027: Remote code execution via Spring HttpIn...

A decade-old flaw in Spring's HttpInvokerServiceExporter enables unauthenticated RCE via Java deserialization. Severity, timeline, and remediation for CVE-2016-1000027.

Sep 22, 20257 min read
Vulnerability Analysis

CVE-2018-1270: Remote code execution in Spring Messaging ...

CVE-2018-1270 is a critical, unauthenticated RCE in Spring Messaging's STOMP-over-WebSocket support. Here's what's affected, how severe it is, and how to remediate it.

Sep 22, 20257 min read
Vulnerability Analysis

CVE-2020-5398: Content-type bypass in Spring Framework

CVE-2020-5398 lets attackers bypass Spring Framework RFD protections via Content-Disposition, tricking browsers into downloading malicious files.

Sep 21, 20257 min read
spring-framework — Safeguard Blog