Spring4Shell Overview

CData is aware of the recently disclosed CVE-2022-22963, a remote code execution in Spring Cloud Function by malicious Spring Expression Spring4Shell (CVE-2022-22965).

Date Entered: 04/06/2022    Last Updated: 04/06/2022

Spring4Shell Notice

CData understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for customers around the world.

CData is aware of these vulnerabilities disclosed by VMware.

  • CVE-2022-22963, a remote code execution in Spring Cloud Function by malicious Spring Expression
  • Spring4Shell (CVE-2022-22965), a remote code execution in Spring Framework via Data Binding on Java Development Kit (JDK) version 9 or later

The CData Security Team have investigated this as a high-priority issue and have confirmed as of April 6th 2022 that these vulnerabilities do not affect any of the CData products or services.


We appreciate your feedback.  If you have any questions, comments, or suggestions about this entry, please contact our support team at [email protected].