“Spring Break” – Critical Security Vulnerability Found

By   ISBuzz Team
Writer , Information Security Buzz | Mar 06, 2018 01:00 pm PST

Reports are surfacing on “Spring Break”  – a new critical remote code execution (RCE) vulnerability which is affecting Pivotal Spring frameworks including Spring Boot, the world’s most popular framework for building web applications.

Steve Giguere, EMEA Engineer at Synopsys’ Software Integrity Group, commented below, “This is another good example of where free and open source software (FOSS) management is essential. 

Steve Giguere, EMEA Engineer at Synopsys’ Software Integrity Group:

“Not only would a FOSS analysis tool have found this vulnerability months before this official announcement (the CVE for this is dated January 4th 2018 – https://nvd.nist.gov/vuln/detail/CVE-2017-8046), but those using such a tool would have been alerted of the vulnerability in this framework hours after it was listed on NVD, as opposed to months later.  Hackers are looking for low hanging fruit, and understanding how important the gap between the discovery of a serious defect and taking action is essential.  Finding out as early as possible and fixing serious vulnerabilities in FOSS is critical to ensuring companies do not become the next headline.”

Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x