Critical Guidance on the CVE-2022-22965 (Spring4Shell) Vulnerability
ID: 88fbd1d0-22d2-54b0-a73f-698e044004ec
STIX ID: report--88fbd1d0-22d2-54b0-a73f-698e044004ec
Feed Name: TrustedSec blog
This report details the Spring4Shell RCE (CVE-2022-22965), which affects Spring Framework applications packaged as WARs and running on JDK 9+ with Apache Tomcat. It lists affected versions and vendor advisories, and recommends upgrading to patched Spring/Spring Boot versions or applying mitigations (WAF rules and a DataBinder denylist). It also provides detection resources (YARA, scanners, OWASP Dependency Check) and proof-of-concept links, notes a separate related issue (CVE-2022-22963), and aggregates community resources and guidance.
