一、 漏洞 CVE-2022-22965 基础信息
漏洞信息
# N/A
## 漏洞概述
Spring MVC 或 Spring WebFlux 应用程序在 JDK 9 及以上版本可能存在远程代码执行 (RCE) 导致的数据绑定漏洞。
## 影响版本
- JDK 9 及以上版本
- 使用 Tomcat 作为 WAR 部署的 Spring 应用程序
## 细节
- 漏洞利用要求应用程序在 Tomcat 上作为 WAR 包部署。
- 如果应用程序作为 Spring Boot 可执行 jar 部署,则不受到此漏洞的影响。
- 该漏洞的本质更为通用,可能存在其他途径进行利用。
## 影响
- 可通过数据绑定导致远程代码执行 (RCE) 攻击。
- 主要影响 Tomcat 上的 WAR 部署应用,Spring Boot 可执行 jar 包不受影响。
神龙判断
是否为 Web 类漏洞: 是
判断理由:
是。这个漏洞涉及Spring MVC或Spring WebFlux应用程序在JDK 9+环境下,通过数据绑定可能遭受远程代码执行(RCE)的风险。具体来说,当应用程序以WAR的形式部署在Tomcat上时,可能会被利用。虽然默认的Spring Boot可执行jar部署方式不受此漏洞影响,但该漏洞的本质较为普遍,可能存在其他利用途径。
提示
尽管我们采用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
漏洞标题
N/A
来源:美国国家漏洞数据库 NVD
漏洞描述信息
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
来源:美国国家漏洞数据库 NVD
CVSS信息
N/A
来源:美国国家漏洞数据库 NVD
漏洞类别
对生成代码的控制不恰当(代码注入)
来源:美国国家漏洞数据库 NVD
漏洞标题
Spring Framework 代码注入漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
Spring Framework是美国Spring团队的一套开源的Java、JavaEE应用程序框架。该框架可帮助开发人员构建高质量的应用。 Spring Framework 存在代码注入漏洞,该漏洞源于 JDK 9+ 上的数据绑定的 RCE。以下产品和版本受到影响:5.3.0 至 5.3.17、5.2.0 至 5.2.19、较旧的和不受支持的版本也会受到影响。
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
代码注入
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2022-22965 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | Spring4Shell Proof Of Concept/And vulnerable application CVE-2022-22965 | https://github.com/BobTheShoplifter/Spring4Shell-POC | POC详情 |
| 2 | CVE-2022-22965 : about spring core rce | https://github.com/Mr-xn/spring-core-rce | POC详情 |
| 3 | Spring4Shell - Spring Core RCE - CVE-2022-22965 | https://github.com/TheGejr/SpringShell | POC详情 |
| 4 | Dockerized Spring4Shell (CVE-2022-22965) PoC application and exploit | https://github.com/reznok/Spring4Shell-POC | POC详情 |
| 5 | spring-core单个图形化利用工具,CVE-2022-22965及修复方案已出 | https://github.com/light-Life/CVE-2022-22965-GUItools | POC详情 |
| 6 | CVE-2022-22965 - CVE-2010-1622 redux | https://github.com/DDuarte/springshell-rce-poc | POC详情 |
| 7 | spring框架RCE漏洞 CVE-2022-22965 | https://github.com/k3rwin/spring-core-rce | POC详情 |
| 8 | springFramework_CVE-2022-22965_RCE简单利用 | https://github.com/liangyueliangyue/spring-core-rce | POC详情 |
| 9 | None | https://github.com/Kirill89/CVE-2022-22965-PoC | POC详情 |
| 10 | Exploit a vulnerable Spring application with the Spring4Shell (CVE-2022-22965) Vulnerability. | https://github.com/FourCoreLabs/spring4shell-exploit-poc | POC详情 |
| 11 | Spring Framework RCE (Quick pentest notes) | https://github.com/alt3kx/CVE-2022-22965_PoC | POC详情 |
| 12 | Vulnerabilidad RCE en Spring Framework vía Data Binding on JDK 9+ (CVE-2022-22965 aka "Spring4Shell") | https://github.com/GuayoyoCyber/CVE-2022-22965 | POC详情 |
| 13 | A Safer PoC for CVE-2022-22965 (Spring4Shell) | https://github.com/colincowie/Safer_PoC_CVE-2022-22965 | POC详情 |
| 14 | None | https://github.com/rwincey/spring4shell-CVE-2022-22965 | POC详情 |
| 15 | CVE-2022-22965 poc including reverse-shell support | https://github.com/viniciuspereiras/CVE-2022-22965-poc | POC详情 |
| 16 | Created after the release of CVE-2022-22965 and CVE-2022-22963. Bash script that detects Spring Framework occurrences in your projects and systems, allowing you to get insight on versions used. Unpacks JARs and analyzes their Manifest files. | https://github.com/mebibite/springhound | POC详情 |
| 17 | CVE-2022-22965 EXP | https://github.com/likewhite/CVE-2022-22965 | POC详情 |
| 18 | SpringFramework 远程代码执行漏洞CVE-2022-22965 | https://github.com/Axx8/SpringFramework_CVE-2022-22965_RCE | POC详情 |
| 19 | Showcase of overridding the Spring Framework version in older Spring Boot versions | https://github.com/snicoll-scratches/spring-boot-cve-2022-22965 | POC详情 |
| 20 | Spring-0day/CVE-2022-22965 | https://github.com/nu0l/CVE-2022-22965 | POC详情 |
| 21 | 批量无损检测CVE-2022-22965 | https://github.com/tangxiaofeng7/CVE-2022-22965-Spring-Core-Rce | POC详情 |
| 22 | CVE-2022-22965 spring-core批量检测脚本 | https://github.com/whoami0622/CVE-2022-22965-POC | POC详情 |
| 23 | None | https://github.com/helsecert/CVE-2022-22965 | POC详情 |
| 24 | None | https://github.com/lcarea/CVE-2022-22965 | POC详情 |
| 25 | CVE-2022-22965 Environment | https://github.com/Joe1sn/CVE-2022-22965 | POC详情 |
| 26 | Spring4Shell (CVE-2022-22965) | https://github.com/zer0yu/CVE-2022-22965 | POC详情 |
| 27 | Spring Framework RCE via Data Binding on JDK 9+ / spring4shell / CVE-2022-22965 | https://github.com/me2nuk/CVE-2022-22965 | POC详情 |
| 28 | CVE-2022-22965 | https://github.com/wshon/spring-framework-rce | POC详情 |
| 29 | CVE-2022-22965 POC | https://github.com/Wrin9/CVE-2022-22965 | POC详情 |
| 30 | CVE-2022-22965\Spring-Core-RCE堪比关于 Apache Log4j2核弹级别漏洞exp的rce一键利用 | https://github.com/wjl110/CVE-2022-22965_Spring_Core_RCE | POC详情 |
| 31 | None | https://github.com/mwojterski/cve-2022-22965 | POC详情 |
| 32 | Nmap Spring4Shell NSE script for Spring Boot RCE (CVE-2022-22965) | https://github.com/gpiechnik2/nmap-spring4shell | POC详情 |
| 33 | Docker PoC for CVE-2022-22965 with Spring Boot version 2.6.5 | https://github.com/itsecurityco/CVE-2022-22965 | POC详情 |
| 34 | PowerShell port of CVE-2022-22965 vulnerability check by colincowie. | https://github.com/daniel0x00/Invoke-CVE-2022-22965-SafeCheck | POC详情 |
| 35 | Intentionally vulnerable Spring app to test CVE-2022-22965 | https://github.com/fracturelabs/spring4shell_victim | POC详情 |
| 36 | CVE-2022-22965 (Spring4Shell) Proof of Concept | https://github.com/sunnyvale-it/CVE-2022-22965-PoC | POC详情 |
| 37 | Spring4Shell - CVE-2022-22965 | https://github.com/twseptian/cve-2022-22965 | POC详情 |
| 38 | Another spring4shell (Spring core RCE) POC | https://github.com/netcode/Spring4shell-CVE-2022-22965-POC | POC详情 |
| 39 | Vulnerability scanner for Spring4Shell (CVE-2022-22965) | https://github.com/fracturelabs/go-scan-spring | POC详情 |
| 40 | Spring has Confirmed the RCE in Spring Framework. The team has just published the statement along with the mitigation guides for the issue. Now, this vulnerability can be tracked as CVE-2022-22965. | https://github.com/Snip3R69/spring-shell-vuln | POC详情 |
| 41 | Spring4Shell is a critical RCE vulnerability in the Java Spring Framework and is one of three related vulnerabilities published on March 30 | https://github.com/0xr1l3s/CVE-2022-22965 | POC详情 |
| 42 | Spring Framework RCE Exploit | https://github.com/luoqianlin/CVE-2022-22965 | POC详情 |
| 43 | Exploit Of Spring4Shell! | https://github.com/0xrobiul/CVE-2022-22965 | POC详情 |
| 44 | A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. | https://github.com/LudovicPatho/CVE-2022-22965_Spring4Shell | POC详情 |
| 45 | None | https://github.com/irgoncalves/irule-cve-2022-22965 | POC详情 |
| 46 | The demo code showing the recent Spring4Shell RCE (CVE-2022-22965) | https://github.com/datawiza-inc/spring-rec-demo | POC详情 |
| 47 | Spring Framework RCE (CVE-2022-22965) Nmap (NSE) Checker (Non-Intrusive) | https://github.com/alt3kx/CVE-2022-22965 | POC详情 |
| 48 | CVE-2022-22965 pocsuite3 POC | https://github.com/wikiZ/springboot_CVE-2022-22965 | POC详情 |
| 49 | CVE-2022-22965写入冰蝎webshell脚本 | https://github.com/4nth0ny1130/spring4shell_behinder | POC详情 |
| 50 | Spring4Shell PoC (CVE-2022-22965) | https://github.com/t3amj3ff/Spring4ShellPoC | POC详情 |
| 51 | None | https://github.com/CalumHutton/CVE-2022-22965-PoC_Payara | POC详情 |
| 52 | None | https://github.com/fransvanbuul/CVE-2022-22965-susceptibility | POC详情 |
| 53 | Script to check for Spring4Shell vulnerability | https://github.com/jrgdiaz/Spring4Shell-CVE-2022-22965.py | POC详情 |
| 54 | Spring4Shell , Spring Framework RCE (CVE-2022-22965) , Burpsuite Plugin | https://github.com/Loneyers/Spring4Shell | POC详情 |
| 55 | spring4shell | CVE-2022-22965 | https://github.com/p1ckzi/CVE-2022-22965 | POC详情 |
| 56 | exploitation script tryhackme | https://github.com/Omaraitbenhaddi/-Spring4Shell-CVE-2022-22965- | POC详情 |
| 57 | None | https://github.com/c4mx/CVE-2022-22965_PoC | POC详情 |
| 58 | None | https://github.com/mariomamo/CVE-2022-22965 | POC详情 |
| 59 | None | https://github.com/khidottrivi/CVE-2022-22965 | POC详情 |
| 60 | None | https://github.com/Enokiy/spring-RCE-CVE-2022-22965 | POC详情 |
| 61 | CVE-2022-22965 Spring4Shell research & PoC | https://github.com/cxzero/CVE-2022-22965-spring4shell | POC详情 |
| 62 | burpsuite 的Spring漏洞扫描插件。SpringVulScan:支持检测:路由泄露|CVE-2022-22965|CVE-2022-22963|CVE-2022-22947|CVE-2016-4977 | https://github.com/tpt11fb/SpringVulScan | POC详情 |
| 63 | EXP for Spring4Shell(CVE-2022-22965) | https://github.com/D1mang/Spring4Shell-CVE-2022-22965 | POC详情 |
| 64 | CVE-2022-22965图形化检测工具 | https://github.com/iloveflag/Fast-CVE-2022-22965 | POC详情 |
| 65 | None | https://github.com/ClemExp/CVE-2022-22965-PoC | POC详情 |
| 66 | CVE-2022-22965 proof of concept | https://github.com/clemoregan/SSE4-CVE-2022-22965 | POC详情 |
| 67 | None | https://github.com/devengpk/CVE-2022-22965 | POC详情 |
| 68 | CVE-2022-22965\Spring-Core-RCE核弹级别漏洞的rce图形化GUI一键利用工具,基于JavaFx开发,图形化操作更简单,提高效率。 | https://github.com/zangcc/CVE-2022-22965-rexbb | POC详情 |
| 69 | User friendly Spring4Shell POC | https://github.com/ajith737/Spring4Shell-CVE-2022-22965-POC | POC详情 |
| 70 | 🚀 Exploit for Spring core RCE in C [ wip ] | https://github.com/c33dd/CVE-2022-22965 | POC详情 |
| 71 | Demonstrable Proof of Concept Exploit for Spring4Shell Vulnerability (CVE-2022-22965) | https://github.com/gokul-ramesh/Spring4Shell-PoC-exploit | POC详情 |
| 72 | A simple python script for a firewall rule that blocks incoming requests based on the Spring4Shell (CVE-2022-22965) vulnerability | https://github.com/bL34cHig0/Telstra-Cybersecurity-Virtual-Experience- | POC详情 |
| 73 | Poc&Exp,支持批量扫描,反弹shell | https://github.com/BKLockly/CVE-2022-22965 | POC详情 |
| 74 | Spring rce environment for CVE-2022-22965 | https://github.com/dbgee/Spring4Shell | POC详情 |
| 75 | PoC and exploit for CVE-2022-22965 Spring4Shell | https://github.com/jakabakos/CVE-2022-22965-Spring4Shell | POC详情 |
| 76 | A quick python script that automates the exploitation of the second deadliest Java based vulnerability CVE-2022-22965. | https://github.com/h4ck0rman/Spring4Shell-PoC | POC详情 |
| 77 | None | https://github.com/sohamsharma966/Spring4Shell-CVE-2022-22965 | POC详情 |
| 78 | Spring4Shell Vulnerability RCE - CVE-2022-22965 | https://github.com/LucasPDiniz/CVE-2022-22965 | POC详情 |
| 79 | None | https://github.com/xsxtw/SpringFramework_CVE-2022-22965_RCE | POC详情 |
| 80 | Script to check for Spring4Shell vulnerability | https://github.com/te5t321/Spring4Shell-CVE-2022-22965.py | POC详情 |
| 81 | None | https://github.com/guigui237/Expoitation-de-la-vuln-rabilit-CVE-2022-22965 | POC详情 |
| 82 | POC firewall with rules designed to detect and block Spring4Shell vulnerability (CVE-2022-22965) exploit | https://github.com/BlackBird63030/Block-Spring4Shell | POC详情 |
| 83 | POC firewall with rules designed to detect and block Spring4Shell vulnerability (CVE-2022-22965) exploit | https://github.com/SkyM1raj/Block-Spring4Shell | POC详情 |
| 84 | POC firewall with rules designed to detect and block Spring4Shell vulnerability (CVE-2022-22965) exploit | https://github.com/Aur3ns/Block-Spring4Shell | POC详情 |
| 85 | In this challenge, I analyzed the Spring4Shell (CVE-2022-22965) vulnerability, investigated security bypasses, and wrote an Incident Postmortem Report detailing the detection, impact, and resolution of the attack. I also implemented a firewall rule in Python to block malicious requests and prevent future exploitation. | https://github.com/jashan-lefty/Spring4Shell | POC详情 |
| 86 | spring-core单个图形化利用工具,CVE-2022-22965及修复方案已出 | https://github.com/Bouquets-ai/CVE-2022-22965-GUItools | POC详情 |
| 87 | Spring MVC and Spring WebFlux applications running on Java Development Kit 9+ are susceptible to remote code execution via data binding. It requires the application to run on Tomcat as a WAR deployment. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-22965.yaml | POC详情 |
| 88 | A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. | https://github.com/projectdiscovery/nuclei-templates/blob/main/dast/cves/2022/CVE-2022-22965.yaml | POC详情 |
| 89 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E5%BC%80%E5%8F%91%E6%A1%86%E6%9E%B6%E6%BC%8F%E6%B4%9E/Spring%20Data%20Binding%E4%B8%8EJDK%209%2B%E5%AF%BC%E8%87%B4%E7%9A%84%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2022-22965.md | POC详情 |
| 90 | https://github.com/vulhub/vulhub/blob/master/spring/CVE-2022-22965/README.md | POC详情 | |
| 91 | Firewall rules to mitigate a zero-day vulnerability malware attack (CVE-2022-22965), known as Spring4Shell | https://github.com/ESSAFAR/Firewall-Rules | POC详情 |
| 92 | SpringFramework 远程代码执行漏洞CVE-2022-22965 | https://github.com/SecNN/SpringFramework_CVE-2022-22965_RCE | POC详情 |
| 93 | Hands-on lab on detecting and mitigating web app threats using OWASP ZAP, Burp Suite, and ModSecurity WAF (with OWASP CRS). Case study: Spring4Shell (CVE-2022-22965). Local Docker-based setup. | https://github.com/brunoh6/web-threat-mitigation | POC详情 |
| 94 | (CVE-2022-22965)PoC 应用程序和漏洞利用 | https://github.com/ZapcoMan/spring4shell-vulnerable-application | POC详情 |
| 95 | Spring4Shell (POC) | https://github.com/osungjinwoo/CVE-2022-22965 | POC详情 |
| 96 | Python-based simulated firewall to detect and block Spring4Shell (CVE-2022-22965) exploit attempts. This project filters HTTP requests by identifying malicious payload patterns using a custom firewall_server.py and tests them with test_requests.py. | https://github.com/Nosie12/fire-wall-server | POC详情 |
| 97 | 🔒 Spring4Shell Firewall Defense — Cybersecurity Incident Simulation This project is part of a Cybersecurity Job Simulation I completed in August 2025 through Forage. It focuses on detecting, analyzing, and mitigating a simulated real-world cyberattack involving the Spring4Shell (CVE-2022-22965) vulnerability | https://github.com/salo-404/firewall | POC详情 |
| 98 | None | https://github.com/shoucheng3/spring-projects__spring-framework_CVE-2022-22965_5-2-19-RELEASE | POC详情 |
| 99 | Cybersecurity simulation showcasing SOC analyst skills in malware triage, incident response, and vulnerability management (Spring4Shell CVE-2022-22965). | https://github.com/Toph404/telstra-cyber-analyst-job-simulation | POC详情 |
| 100 | Proof-of-Concept (POC) of a simple firewall in Python designed to mitigate the Spring4Shell (CVE-2022-22965) RCE attack by inspecting and blocking malicious request bodies. | https://github.com/NickoPS87/Spring4Shell-Python-Firewall-POC | POC详情 |
| 101 | CVE-2022-22965 proof of concept for CS4239 report | https://github.com/xenosf/CS4239-Spring4Shell-POC | POC详情 |
| 102 | Fully automated Spring4Shell (CVE-2022-22965) + GitLab RCE framework | https://github.com/mylo-2001/GhostStrike | POC详情 |
| 103 | A Remote Code Execution exploit targeting Spring Framework vulnerability CVE-2022-22965 💀 | https://github.com/Hghost0x00/CVE-2022-22965 | POC详情 |
| 104 | None | https://github.com/dbwlsdnr95/CVE-2022-22965-spring4shell | POC详情 |
| 105 | None | https://github.com/nhattanhh/CVE-2022-22965 | POC详情 |
| 106 | CVE-2022-22965 - Spring4Shell | https://github.com/Anon2Fear/CVE-2022-22965 | POC详情 |
三、漏洞 CVE-2022-22965 的情报信息
- https://tanzu.vmware.com/security/cve-2022-22965x_refsource_MISC
标题: Packet Storm -- 🔗来源链接
标签:x_refsource_MISC
神龙速读:- **Last updated September 12, 2025**: Indicates the terms of service are up-to-date as of this date. - **Agreement to Terms**: Users must agree to the terms before using the site. - **Prohibited Activities**: Users are forbidden from acting maliciously or using data from the site in a harmful way. - **API Access**: Defines the conditions for using the site's API. - **Privacy Policy**: Acknowledges that the privacy policy is part of the agreement. - **Limitations of Liability**: The site disclaims liability for damages. - **Disclaimer**: The site is provided "as is" without warranties. - **Indemnification**: Users agree to indemnify the site for any legal issues stemming from use of the site.
- https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdfx_refsource_CONFIRM
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005x_refsource_CONFIRM
- https://www.oracle.com/security-alerts/cpujul2022.htmlx_refsource_MISC
- http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.htmlx_refsource_MISC
- https://www.oracle.com/security-alerts/cpuapr2022.htmlx_refsource_MISC
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67vendor-advisoryx_refsource_CISCO
- https://nvd.nist.gov/vuln/detail/CVE-2022-22965
四、漏洞 CVE-2022-22965 的评论
暂无评论