Statement on Spring4Shell (CVE-2022-22965)
Appfigures is aware of CVE-2022-22965, a vulnerability in a popular Java library (also called Spring4Shell).
Immediately following the announcement, our teams have worked to evaluate our infrastructure and can confirm that we do not use Spring Core Framework in any part of our application stack.
The teams have identified one non-critical, self-hosted, third-party application we use, which is susceptible and has immediately disabled it until the vendor issues an appropriate fix.
This application has never been accessible from the public internet, and log analysis shows no unauthorized access.
If you have any questions don't hesitate to contact us directly.