CVE-2022-22965

Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. Vendor/Product: VMware Spring Framework. Added to CISA KEV 2022-04-04; required action: Apply updates per vendor instructions.