All Products
Document Center

[Vulnerability notice] Remote command execution vulnerability in Java Spring Boot framework

Last Updated: Jan 13, 2020


Spring Boot is a lightweight framework that takes most of the work out of configuring Spring-based applications.

Security experts pointed out that if custom handling is not performed for Spring Boot exceptions, attackers may construct malicious code to run any command remotely.

Affected versions

Spring Boot 1.1 - 1.3.0