A free tool from WhiteSource fixes the Spring4Shell vulnerability

A free tool from WhiteSource fixes the Spring4Shell vulnerability

A few months ago, the discovery of the vulnerability known as Log4Shell had created some havoc, as it used the Log4j library, used by many applications and online services for logging systems in order to maximize security. Unfortunately, it is not the only bug of some importance recently identified.

In fact, Spring4Shell has been added to Log4Shell, another very important vulnerability that allows you to execute code remotely (RCE) in Spring, one of the most popular open source frameworks for Java applications. Thanks to the developers of WhiteSource, as reported by colleagues at HelpNetSecurity, it seems that the situation is back under control through a tool, made available for free, which identifies and solves the problem.

Organizations and security teams need to approach Spring4Shell with the same attention and urgency they have had with the recent Log4j vulnerability. This vulnerability highlights the importance of a proactive approach to software security and the need for more automated application security to be incorporated into the development lifecycle. Be sure to manage your technical debt and stay up to date.

For the occasion, WhiteSource also offered some useful advice to companies in order to avoid similar situations in the future. Among the good habits to follow we find the need to always update Spring to the latest version, generate a "software bill of materials" (SBOM) for all applications in the environment and more.

Photo Credit: WhiteSource