WhiteSource Launches Free Developer Tool to Detect and Remediate Spring4Shell Vulnerability

×

Error message

  • Notice: Undefined property: stdClass::$ds_changed in eval() (line 16 of /var/www/7/modules/php/php.module(80) : eval()'d code).
  • Notice: Undefined property: stdClass::$ss_search_api_url in eval() (line 20 of /var/www/7/modules/php/php.module(80) : eval()'d code).
  • Notice: Undefined property: stdClass::$tm_title in eval() (line 20 of /var/www/7/modules/php/php.module(80) : eval()'d code).

TEL AVIV, Israel and BOSTON, April 1, 2022 /PRNewswire/ -- WhiteSource, a leader in application security, today launched WhiteSource Spring4Shell Detect, a free command-line interface (CLI) tool that quickly scans projects to find vulnerable open source libraries for CVE-2022-22965, also known as Spring4Shell. 

Metadata
Provider: 
PR NewswirePR Newswire
Retrieved on: 
Friday, April 1, 2022
Information
Tags: 
Zero, Microsoft, Risk, Spring Framework, Organization, Library, GitHub, IBM, Multimedia, Philips, Environment, CEO, Comcast, View, Software, Industry, WhiteSource, Log4j, TEL, Attention, RCE, CLI, Java, Satellite navigation device, Risk management
Geotags: 
ISRAEL, MASSACHUSETTS
Organisation: 
WHITESOURCE
Summary
Key Points: 
  • TEL AVIV, Israeland BOSTON, April 1, 2022 /PRNewswire/ -- WhiteSource , a leader in application security, today launched WhiteSource Spring4Shell Detect , a free command-line interface (CLI) tool that quickly scans projects to find vulnerable open source libraries for CVE-2022-22965, also known as Spring4Shell.
  • WhiteSource's free developer tool, which is available now on GitHub , provides developers with the exact path to direct and indirect dependencies, along with the fixed version, for speedy remediation.
  • "Organizations and security teams must approach Spring4Shell with the same attention and urgency they did with the recent Log4j vulnerability," said Rami Sass, CEO, WhiteSource.
  • More information on the Spring4Shell vulnerability can be found on WhiteSource's blog: Spring4Shell Zero-Day Vulnerability: Information and Remediation for CVE-2022-22965
    WhiteSource helps organizations accelerate the development of secure software at scale.


WhiteSource Launches Free Developer Tool to Detect and Remediate Spring4Shell Vulnerability

Developer tool now available for use on GitHub

TEL AVIV, Israel and BOSTON, April 1, 2022 /PRNewswire/ -- WhiteSource, a leader in application security, today launched WhiteSource Spring4Shell Detect, a free command-line interface (CLI) tool that quickly scans projects to find vulnerable open source libraries for CVE-2022-22965, also known as Spring4Shell. 

Spring4Shell is a remote code execution (RCE) vulnerability in Spring, one of the most popular open-source frameworks for Java applications in use today. While we are still learning about this vulnerability, its impact is likely on par with that of Log4j and it is considered extremely critical with a severity score of 9.8. WhiteSource's free developer tool, which is available now on GitHub, provides developers with the exact path to direct and indirect dependencies, along with the fixed version, for speedy remediation.

"Organizations and security teams must approach Spring4Shell with the same attention and urgency they did with the recent Log4j vulnerability," said Rami Sass, CEO, WhiteSource. "This vulnerability highlights the importance of a proactive approach to software security and the need for more automated application security to be baked into the development lifecycle. Ensure you are handling your technical debt, and update."

Given the potential widespread impact and risk of this zero-day vulnerability, WhiteSource recommends organizations take the following steps to address and prevent similar instances in the future:

  • Inventory your entire application list to identify all instances of CVE-2022-22965. This can be done using WhiteSource's free detection tool.
  • Update your vulnerable versions of Spring Framework to the latest version. Use tools such as WhiteSource Renovate, which can automatically update your libraries with the latest available fixes.
  • Generate a software bill of materials (SBOM) for all applications in your environment. An SBOM provides visibility to your entire software attack surface — both direct and transitive dependencies — and helps you react quickly to vulnerability announcements.

WhiteSource Renovate, which has more than one hundred million downloads, automatically updates dependencies and has already identified and mitigated the Spring4Shell vulnerability for tens of thousands of enterprises around the world.

More information on the Spring4Shell vulnerability can be found on WhiteSource's blog: Spring4Shell Zero-Day Vulnerability: Information and Remediation for CVE-2022-22965

About WhiteSource

WhiteSource helps organizations accelerate‌ the development of secure software ‌at‌ ‌scale‌. We provide automated tools that help bridge the security knowledge gap, integrating easily into the software development life cycle and going beyond detection with a remediation-first approach. WhiteSource is built on the most comprehensive vulnerability database in the industry, providing the widest coverage for threats and attack vectors. Our solution helps enterprises like Microsoft, IBM, Comcast, Philips, and many more reduce security risk and increase the productivity of their security and development teams. For more information, visit www.whitesourcesoftware.com.

Cision View original content to download multimedia:https://www.prnewswire.com/news-releases/whitesource-launches-free-developer-tool-to-detect-and-remediate-spring4shell-vulnerability-301515888.html

SOURCE WhiteSource

Copyright: 
2022 PR Newswire. All Rights Reserved.