A zero-day vulnerability in Spring, the popular Java web application development framework, has been disclosed. The vulnerability could be exploited remotely if a Spring application is deployed to an Apache Tomcat server using a common configuration. Spring maintainers confirmed that the vulnerability was indeed previously undisclosed and assigned it an identifier (CVE-2022-22965). The vulnerability will likely require broad patching to make certain that installations are not vulnerable to remote compromise, says Praetorian security expert Richard Ford. The attack currently works for Spring applications deployed to Tomcat.

