Springshell Exploit Resource Center

Live Dashboard

The following graphs show recent downloads from Maven Central of Spring Framework components that are potentially vulnerable to Springshell.

Spring Shell Chart

Latest Insights

Understanding Spring4Shell


We’re proud to share our Spring4Shell dashboard to help researchers and interested parties track how the world is adopting the fixes for this vulnerability. Our goal is not to bash Spring: vulnerabilities are liable to exist in any major piece of software, and indeed we see hundreds of them on a weekly basis. But Spring4Shell does give us a unique opportunity to understand what happens in the software industry when a “Critical” but not “The Internet is on Fire”-level vulnerability appears. These are the everyday, pedestrian, bread-and-butter pieces of technical debt that deserve rapid, escalated attention within the professional sphere.

Spring is maintaining an updated page of announcement details.

Updates

Spring4Shell—By the Numbers

Find and Fix Springshell

New Spring Framework RCE zero-day vulnerability Confirmed - Patch Now

New Spring Framework RCE Vulnerability Confirmed (Springshell)

SpringShell has Sprung: The Latest Updates

Spring Framework RCE, Early Announcement

Resource of Note

Tools to Help You Now

Nexus Vulnerability Scanner

Produce a Software Bill of Materials and catalog all of the components in your application.

Sonatype Lift

Find and fix critical security, performance, reliability, and style issues in developer code.

OWASP Dependency Check

Detect publicly disclosed vulnerabilities contained within your project’s dependencies.

Protect Your Company's SDLC

Secure and automate your software supply chain.