Cloudian HyperStore customers should be aware that a new remote code execution vulnerability has been found in Spring Core on JDK9+. This vulnerability, referred to as Spring4Shell, affects Cloudian HyperStore software version 7.2 or later.
Spring Core is part of a popular open-source framework used to build Java applications. An attacker who exploits the issue in this framework can execute malicious code on the host or container.
Under the CVSSv3 system, this issue is rated CRITICAL severity. This assessment is based on the impacts on confidentiality, integrity, and availability, as well as the ease of exploitation.
A patch is currently available for all affected HyperStore versions. Customers should install this patch immediately. If you require assistance, please contact Cloudian Support.