Springshell Exploit Resource Center

Live Dashboard

The following graphs show recent downloads for potentially vulnerable Springshell components from Maven Central.

Spring Shell Chart

Latest Insights

Understanding Spring4Shell


We’re proud to share our Spring4Shell dashboard to help researchers and interested parties track how the world is adopting new fixes for this. Our goal is not to bash Spring — vulnerabilities are liable to exist in any major piece of software, and indeed we see hundreds of them on a weekly basis. But, Spring4Shell does give us an unique opportunity to understand what happens in the software industry when a “Critical” but not “The Internet is on Fire”-level vulnerabilities appear. These are the everyday, pedestrian, bread-and-butter pieces of technical debt that deserve rapid and escalated understanding within the professional sphere of attention.

Spring is maintaining an updated page of announcement details.

Understanding Spring4Shell


We’re proud to share our Spring4Shell dashboard to help researchers and interested parties track how the world is adopting new fixes for this. Our goal is not to bash Spring — vulnerabilities are liable to exist in any major piece of software, and indeed we see hundreds of them on a weekly basis. But, Spring4Shell does give us an unique opportunity to understand what happens in the software industry when a “Critical” but not “The Internet is on Fire”-level vulnerabilities appear. These are the everyday, pedestrian, bread-and-butter pieces of technical debt that deserve rapid and escalated understanding within the professional sphere of attention.

Spring is maintaining an updated page of announcement details.

Updates

blog-numbers-update

Spring4Shell—By the Numbers

Read Now
find-and-fix

Find and Fix Springshell

Read Now
Springshell-blog

New Spring Framework RCE zero-day vulnerability Confirmed - Patch Now

Read Now
Springshell-video

New Spring Framework RCE Vulnerability Confirmed (Springshell)

Watch Now
livestream-2

SpringShell has Sprung: The Latest Updates

Watch Now
spring-image

Spring Framework RCE, Early Announcement

Resource of Note

Read Now

Tools to Help You Now

NexusVulnScanner_Icon

Nexus Vulnerability Scanner

Produce a Software Bill of Materials and catalog all of the components in your application.

SCAN NOW
Sonatype_Lift_Logo_color_stacked@2x (1)-1

Sonatype Lift

Find and fix critical security, performance, reliability, and style issues in developer code.

TRY FOR FREE
OWASP-icon

OWASP Dependency Check

Detect publicly disclosed vulnerabilities contained within your project’s dependencies

LEARN MORE

Protect Your Company's SDLC

Secure and automate your software supply chain.

Contact Us Today
Twitter LinkedIn Facebook YouTube GitHub
Products
Free Tools
Solutions
Resources
Customer Portal
Company
SON_logo_white@2x copy trimmed

Sonatype Headquarters - 8161 Maple Lawn Blvd #250, Fulton, MD 20759

Tysons Office - 8281 Greensboro Drive – Suite 630, McLean, VA 22102

Australia Office - 60 Martin Place Level 1, Sydney, NSW 2000, Australia

London Office -168 Shoreditch High Street, E1 6HU London

Subscribe for all the latest software security news and events

Copyright © 2008-present, Sonatype Inc. All rights reserved. Includes the third-party code listed here. Sonatype and Sonatype Nexus are trademarks of Sonatype, Inc. Apache Maven and Maven are trademarks of the Apache Software Foundation. M2Eclipse is a trademark of the Eclipse Foundation. All other trademarks are the property of their respective owners.

Terms of Service    Privacy Policy    Modern Slavery Statement    Event Terms and Conditions   Do Not Sell My Personal Information