Lev Aronsky is an accomplished security researcher, with almost two decades of experience in the field. Over the years, he researched OS internals, IoT firmware, and performed penetration testing for critical infrastructure and financtial firms. Presently, Lev leads the HCL AppScan security team.
A new vulnerability, dubbed SpringShell in Spring Framework, was recently discovered by the HCL AppScan team.SpringShell was given a CVE ID of CVE-2022-22965, and results in Remote Code Execution (RCE) upon successful exploitation, compromising the web server and putting it under the attacker's control. It affects Spring Framework versions 5.3.17/5.2.19 and lower (it was patched in versions 5.3.18/5.2.20).