Latest Update: April 14, 2022
The security of Infutor’s data and systems is always our highest priority. Infutor is aware of:
- CVE-2022-22963, remote code execution in Spring Cloud Function by malicious Spring Expression
- Spring4Shell (CVE-2022-22965), remote code execution in Spring Framework via Data Binding on Java Development Kit (JDK) version 9 or later
Impact: As of April 4, we have confirmed that these vulnerabilities do not affect Infutor’s products and services. The Infutor platform does not utilize any Spring Framework as part of our production environment or for any client access. The Infutor Security and Incident Response teams have implemented additional threat detection measures and are actively monitoring this issue should further response be required.
As more information becomes available, we will update this web page.