Domino all versions
Spring WebFlux application running on JDK 9+ is vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment.
How does this impact Domino?
Domino does not make use of the Spring4Shell framework and so is not effected by the vulnerability.
Further details on CVE-2022-22965 can be found here: https://nvd.nist.gov/vuln/detail/CVE-2022-22965
Please sign in to leave a comment.