RCE Bug in Spring Cloud Could Be the Next Log4Shell
Some researchers have dubbed it “Spring4Shell” due to its ease of exploitation and Java-based nature, à la the Log4Shell vulnerability discovered in December.
“Spring4Shell is another in a series of major Java vulnerabilities,” Stefano Chierici, a security researcher at Sysdig, noted in materials shared with Threatpost. “It has a very low bar for exploitation so we should expect to see attackers heavily scanning the internet. Once found, they will likely install cryptominers, [distributed denial-of-service] DDoS agents, or their remote-access toolkits.”
Source: Threatpost