According to a recent LinkedIn post from HeroDevs, the company is drawing attention to CVE-2022-31690, a high-severity vulnerability in Spring Security’s OAuth2 flow that can allow attackers to manipulate authorization requests and gain elevated privileges. The post emphasizes that the issue affects both currently supported and older, unsupported Spring versions, with no upstream fix available for end-of-life releases.
The company’s LinkedIn post highlights that its Never-Ending Support (NES) for Spring offers patched, drop-in replacements intended to mitigate this exposure for organizations unable to upgrade immediately. For investors, the focus on maintaining security for legacy Spring deployments suggests potential recurring revenue opportunities in support and maintenance, and may strengthen HeroDevs’ positioning in the application security and enterprise Java ecosystem.

