Does Quarkus have the spring4shell vulnerability? #25398

HeeroJheng · 2022-05-05T12:02:10Z

HeeroJheng
May 5, 2022

Hi,

We developed microservices with Quarkus and its extensions for Spring( DI, Web API, and etc). Does it have any spring4shell vulnerability in our microservices?

Answered by geoand

May 5, 2022

Hi, Quarkus does not suffer from said vulnerability because it never executes any Spring classes, it just uses the Spring API.

If you dig even deeper, you'll see that the problematic Spring classes are not even on the classpath

View full answer

@geoand · 2022-05-05T12:02:12Z

quarkus-bot[bot]
bot May 5, 2022

/cc @geoand

0 replies

geoand · 2022-05-05T12:08:22Z

geoand
May 5, 2022
Collaborator

Hi, Quarkus does not suffer from said vulnerability because it never executes any Spring classes, it just uses the Spring API.

If you dig even deeper, you'll see that the problematic Spring classes are not even on the classpath

2 replies

HeeroJheng May 6, 2022
Author

Thanks for your answer!

geoand May 6, 2022
Collaborator

YW!

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Does Quarkus have the spring4shell vulnerability? #25398

Uh oh!

{{title}}

Uh oh!

Replies: 2 comments 2 replies

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Does Quarkus have the spring4shell vulnerability? #25398

Uh oh!

HeeroJheng May 5, 2022

Replies: 2 comments · 2 replies

Uh oh!

quarkus-bot[bot] bot May 5, 2022

Uh oh!

geoand May 5, 2022 Collaborator

Uh oh!

HeeroJheng May 6, 2022 Author

Uh oh!

geoand May 6, 2022 Collaborator

HeeroJheng
May 5, 2022

Replies: 2 comments 2 replies

quarkus-bot[bot]
bot May 5, 2022

geoand
May 5, 2022
Collaborator

HeeroJheng May 6, 2022
Author

geoand May 6, 2022
Collaborator