Spring on Fire this time? | RCE Vulnerability | How to identify and remediate it? | TechPrimers
This video covers the new Remote Code Execution vulnerability in Spring Framework (specifically spring-beans). We are going to discuss the following:
📌 Chapter Timestamps
===================
00:00 - Intro
00:19 - Agenda
01:19 - What is the Spring Vulnerability?
03:58 - Which versions of Spring/Spring Boot are affected?
06:32 - I run Spring Boot as a jar, should I be worried?
06:55 - Tactical fix
10:08 - Strategic fix
11:25 - I don’t use Spring Boot for my application, should I still be worried?
📌 Related Links
=============
🔗VMware Blog - https://tanzu.vmware.com/security/cve-2022-22965
🔗Spring Blog - https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
🔗Snyk Blog - https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751
🔗Security blog - https://securityboulevard.com/2022/03/new-spring4shell-zero-day-vulnerability-confirmed-what-it-is-and-how-to-be-prepared/
🔗Spring4Shell - https://www.helpnetsecurity.com/2022/03/31/spring4shell/
Join this channel by contributing to the community:
https://www.youtube.com/channel/UCB12jjYsYv-eipCvBDcMbXw/join
📌 Related Playlist
================
🔗Spring Boot Primer - https://www.youtube.com/playlist?list=PLTyWtrsGknYegrUmDZB6rcqMotOFZKvbn
🔗Spring Cloud Primer - https://www.youtube.com/playlist?list=PLTyWtrsGknYeOJHtd3Ll93GRf28hrjlHV
🔗Spring Microservices Primer - https://www.youtube.com/playlist?list=PLTyWtrsGknYdZlO7LAZFEElWkEk59Y2ak
🔗Spring JPA Primer - https://www.youtube.com/playlist?list=PLTyWtrsGknYdt079e1pyvpgLrJ48RQ1LK
🔗Java 8 Streams - https://www.youtube.com/playlist?list=PLTyWtrsGknYdqY_7lwcbJ1z4bvc5yEEZl
🔗Spring Security Primer - https://www.youtube.com/playlist?list=PLTyWtrsGknYe0Sba9o-JRtnRlkl4gXMQl
💪 Join TechPrimers Slack Community: https://bit.ly/JoinTechPrimers
📟 Telegram: https://t.me/TechPrimers
🧮 TechPrimer HindSight (Blog): https://medium.com/TechPrimers
☁️ Website: http://techprimers.com
💪 Slack Community: https://techprimers.slack.com
🐦 Twitter: https://twitter.com/TechPrimers
📱 Facebook: http://fb.me/TechPrimers
💻 GitHub: https://github.com/TechPrimers or https://techprimers.github.io/
🎬 Video Editing: FCP
---------------------------------------------------------------
🔥 Disclaimer/Policy:
The content/views/opinions posted here are solely mine, and the code samples created by me are open sourced.
You are free to use the code samples on GitHub after forking, and you can modify them for your own use.
All the videos posted here are copyrighted. You cannot re-distribute videos on this channel in other channels or platforms.
#RCEVulnerability #Spring #SpringVulnerability