Spring on Fire this time? | RCE Vulnerability | How to identify and remediate it? | TechPrimers
This video covers the new Remote Code Execution vulnerability in Spring Framework (specifically spring-beans). We are going to discuss the following:
📌 Chapter Timestamps
===================
00:00 - Intro
00:19 - Agenda
01:19 - What is the Spring Vulnerability?
03:58 - Which versions of Spring/Spring Boot are affected?
06:32 - I run Spring Boot as a jar, should I be worried?
06:55 - Tactical fix
10:08 - Strategic fix
11:25 - I don’t use Spring Boot for my application, should I still be worried?
📌 Related Links
=============
🔗VMWare Blog - https://tanzu.vmware.com/security/cve-2022-22965
🔗Spring Blog - https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
🔗Snyk Blog - https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751
🔗Security blog - https://securityboulevard.com/2022/03/new-spring4shell-zero-day-vulnerability-confirmed-what-it-is-and-how-to-be-prepared/
🔗Spring4Shell - https://www.helpnetsecurity.com/2022/03/31/spring4shell/
Join this channel by contributing to the community:
https://www.youtube.com/channel/UCB12jjYsYv-eipCvBDcMbXw/join
📌 Related Playlist
================
🔗Spring Boot Primer - https://www.youtube.com/playlist?list=PLTyWtrsGknYegrUmDZB6rcqMotOFZKvbn
🔗Spring Cloud Primer - https://www.youtube.com/playlist?list=PLTyWtrsGknYeOJHtd3Ll93GRf28hrjlHV
🔗Spring Microservices Primer - https://www.youtube.com/playlist?list=PLTyWtrsGknYdZlO7LAZFEElWkEk59Y2ak
🔗Spring JPA Primer - https://www.youtube.com/playlist?list=PLTyWtrsGknYdt079e1pyvpgLrJ48RQ1LK
🔗Java 8 Streams - https://www.youtube.com/playlist?list=PLTyWtrsGknYdqY_7lwcbJ1z4bvc5yEEZl
🔗Spring Security Primer - https://www.youtube.com/playlist?list=PLTyWtrsGknYe0Sba9o-JRtnRlkl4gXMQl
💪 Join TechPrimers Slack Community: https://bit.ly/JoinTechPrimers
📟 Telegram: https://t.me/TechPrimers
🧮 TechPrimer HindSight (Blog): https://medium.com/TechPrimers
☁️ Website: http://techprimers.com
💪 Slack Community: https://techprimers.slack.com
🐦 Twitter: https://twitter.com/TechPrimers
📱 Facebook: http://fb.me/TechPrimers
💻 GitHub: https://github.com/TechPrimers or https://techprimers.github.io/
🎬 Video Editing: FCP
---------------------------------------------------------------
🔥 Disclaimer/Policy:
The content/views/opinions posted here are solely mine and the code samples created by me are open sourced.
You are free to use the code samples in Github after forking and you can modify it for your own use.
All the videos posted here are copyrighted. You cannot re-distribute videos on this channel in other channels or platforms.
#RCEVulnerability #Spring #SpringVulnerability
Видео Spring on Fire this time? | RCE Vulnerability | How to identify and remediate it? | TechPrimers канала Tech Primers
📌 Chapter Timestamps
===================
00:00 - Intro
00:19 - Agenda
01:19 - What is the Spring Vulnerability?
03:58 - Which versions of Spring/Spring Boot are affected?
06:32 - I run Spring Boot as a jar, should I be worried?
06:55 - Tactical fix
10:08 - Strategic fix
11:25 - I don’t use Spring Boot for my application, should I still be worried?
📌 Related Links
=============
🔗VMWare Blog - https://tanzu.vmware.com/security/cve-2022-22965
🔗Spring Blog - https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
🔗Snyk Blog - https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751
🔗Security blog - https://securityboulevard.com/2022/03/new-spring4shell-zero-day-vulnerability-confirmed-what-it-is-and-how-to-be-prepared/
🔗Spring4Shell - https://www.helpnetsecurity.com/2022/03/31/spring4shell/
Join this channel by contributing to the community:
https://www.youtube.com/channel/UCB12jjYsYv-eipCvBDcMbXw/join
📌 Related Playlist
================
🔗Spring Boot Primer - https://www.youtube.com/playlist?list=PLTyWtrsGknYegrUmDZB6rcqMotOFZKvbn
🔗Spring Cloud Primer - https://www.youtube.com/playlist?list=PLTyWtrsGknYeOJHtd3Ll93GRf28hrjlHV
🔗Spring Microservices Primer - https://www.youtube.com/playlist?list=PLTyWtrsGknYdZlO7LAZFEElWkEk59Y2ak
🔗Spring JPA Primer - https://www.youtube.com/playlist?list=PLTyWtrsGknYdt079e1pyvpgLrJ48RQ1LK
🔗Java 8 Streams - https://www.youtube.com/playlist?list=PLTyWtrsGknYdqY_7lwcbJ1z4bvc5yEEZl
🔗Spring Security Primer - https://www.youtube.com/playlist?list=PLTyWtrsGknYe0Sba9o-JRtnRlkl4gXMQl
💪 Join TechPrimers Slack Community: https://bit.ly/JoinTechPrimers
📟 Telegram: https://t.me/TechPrimers
🧮 TechPrimer HindSight (Blog): https://medium.com/TechPrimers
☁️ Website: http://techprimers.com
💪 Slack Community: https://techprimers.slack.com
🐦 Twitter: https://twitter.com/TechPrimers
📱 Facebook: http://fb.me/TechPrimers
💻 GitHub: https://github.com/TechPrimers or https://techprimers.github.io/
🎬 Video Editing: FCP
---------------------------------------------------------------
🔥 Disclaimer/Policy:
The content/views/opinions posted here are solely mine and the code samples created by me are open sourced.
You are free to use the code samples in Github after forking and you can modify it for your own use.
All the videos posted here are copyrighted. You cannot re-distribute videos on this channel in other channels or platforms.
#RCEVulnerability #Spring #SpringVulnerability
Видео Spring on Fire this time? | RCE Vulnerability | How to identify and remediate it? | TechPrimers канала Tech Primers
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
FF4j | Spring Boot 3 Example | ReleaseDateFlipStrategy | Tech Primers
What is p99, p95, p50 Latency? | How Razorpay handles burst traffic? | Smart Routing | Tech Primers
Microservices | How did they come into existence? | The history timeline
Spring Boot 3 | Circuit Breakers using Resilience4J | Microservices Resiliency Primer
Back to Monolithic App? | Prime Video Case Study | Microservices to Monolith | Tech Primers
OSV Scanner | Google's Distributed Vulnerability Database for Open Source | Tech Primers
Spring Boot 3 🔥 | Feature Breakdown | Breaking Changes | New Changes | Part 1
HTTP Long Polling vs Server Sent Events vs Websockets | Tech Primers
Feature Flags aka. Feature Toggles Pattern | Tech Primers
HA vs Fault Tolerance | How Swiggy handles Faults in Microservices? | Tech Primers
Load Shedding in Kubernetes | Readiness Probes | Tech Primers
Load Shedding in Spring Boot | Tech Primers
Session Management using Spring Session Redis in Spring Boot | Tech Primers
Rate Limiter using Spring Cloud Gateway and Redis example | Tech Primers
Rate Limiting vs Load Shedding | Microservices Architecture Pattern | Tech Primers
ChatGPT | Can it replace Tech Primers? | Lets try!
Scale Reviews and Ratings using Caches, CQRS | Part 2 | Flash Sale System Design Primer
Flash Sale System Design | How to Scale Flipkart UI? | Part 1 | System Design Primer
How to solve Long Running Transactions? | Beyond Saga Pattern | Introducing Workflow Orchestration..
Colima | Open Source alternative for Docker Desktop | Productivity
Exponential Backoff | Microservices/Distributed Systems Strategy | Zerodha System Design