Security researchers have discovered three vulnerabilities in the Spring Development Framework. One of which is a critical remote code execution flaw that could allow attackers to execute arbitrary code. The second bug resides in Spring’s Web model-view-controller (MVC) that allows attackers to access restricted directories. Pivotal has released Spring Framework 5.0.5 and 4.3.15, which include fixes for all the three vulnerabilities. The company has also released Spring Boot 2.0 and 1.5.11, that match the patched Spring Framework versions.
Source: https://thehackernews.com/2018/04/spring-framework-hacking.html