Issue
Is the system affected by CVE-2022-22965 if it only uses spring-plugin-core from the mentioned impacted list?
Configuration
- java 8
- Spring boot : 2.2.6.RELEASE
- Packaged as executable JAR
- spring-plugin-core : 1.2.0.RELEASE
Solution
a quick search for Spring Boot 2.2.6.RELEASE shows the maven repository with all vulnerabilities listed: https://mvnrepository.com/artifact/org.springframework.boot/spring-boot/2.2.6.RELEASE
Answered By - grange
Answer Checked By - Candace Johnson (JavaFixing Volunteer)