What is Spring4Shell?

Products
Contrast runtime security platform

The next evolution in application security

Explore the platform
Contrast ADR Detect and respond to attacks

Contrast AST Find and fix vulnerabilities

Assess

SCA

Scan

Contrast One Managed runtime security
Solutions
By solution
By team
- SecOps
- AppSec
- Developer
- CISO
By industry
Partner
Partner program overview

Innovating together with proven success

Partner program overview
GitHub Actions Blog Series, Part 1: Pipeline Native Code Analysis

Read the blog
Customers
Company
- About us
- Leadership team
- Careers
- Contact us
Threat Report: Software Under Siege 2025
Get report
Resources
Resource center

Analyst reports, eBooks, on-demand webinars, white papers and more.

Visit resource center
Support and services
Education
A DevSecOps buyer’s guide for application security

Get the guide

What is Spring4Shell?

Zero-day, remote code execution (RCE) vulnerability in the Spring Framework was Disclosed on Tuesday, March 29, 2022. Impacted applications include those using Spring Framework ( with a spring-webmvc or spring-webflux dependency), running on JDK 9 or higher andApache Tomcat.

Spring4Shell

Table of Contents

What is Spring4Shell?