RCE Bug in Spring Cloud Could Be the Next Log4Shell, Researchers Warn
2022-03-30 18:04

A critical security vulnerability has bloomed in Spring Cloud Function, which could lead to remote code execution and the compromise of an entire internet-connected host.

Spring Cloud is an open-source microservices framework: a collection of ready-to-use components that are useful for building distributed applications in an enterprise.

"The Spring Cloud Function framework allows developers to write cloud-agnostic functions using Spring features. These functions can be stand-alone classes and one can easily deploy them on any cloud platform to build a serverless framework."

He added, "Since Spring Cloud Function can be used in Cloud serverless functions like AWS lambda or Google Cloud Functions, those functions might be impacted as well, leading the attackers inside your cloud account."

After applying the patch, anyone using applications built using Spring Cloud should take a careful inventory of their installations to make sure compromise hasn't already occurred, according to Sysdig.


News URL

https://threatpost.com/critical-rce-bug-spring-log4shell/179173/