昨天 (還是前天開始) 應該很多人都沒睡覺在看 CVE-2022-22963[0] 簡單來說又有一個基礎 framework 的 RCE 安全性漏洞 官方文件上的 CVSS v3 分數是 5.4 (medium)[1] 看評估是個不嚴重的問題 是否要立即升級 就看各位的各種評估 ~ [0]: https://tanzu.vmware.com/security/cve-2022-22963 [1]: https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L -- ※ 發信站: 批踢踢實業坊(ptt.cc), 來自: 1.162.187.40 (臺灣) ※ 文章網址: https://www.ptt.cc/bbs/NetSecurity/M.1648688101.A.6B8.html --- [UPDATE] 打錯也可以打臉我啊 我常常把臉伸出來被打的 two RCE vulnerabilities were being discussed on the internet.[0] Most of the people talking about them believe they're talking about "Spring4Shell" (CVE Added: CVE-2022-22965), but in reality they're swapping notes about CVE-2022-22963. 看來 22963 跟 22965 兩個效果不太一樣 22965 嚴重多了[1] 是 9.8 (critical) [0]: https://www.lunasec.io/docs/blog/spring-rce-vulnerabilities/ [1]: https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H ※ 編輯: CMJ0121 (1.162.187.40 臺灣), 04/01/2022 08:57:33