According to a recent LinkedIn post from HeroDevs, the company is drawing attention to CVE-2022-31690, a high-severity vulnerability affecting Spring Security’s OAuth2 flow. The post describes a scenario in which, under certain conditions, attackers may manipulate authorization requests and obtain broader access than originally intended.
Claim 30% Off TipRanks
- Unlock hedge fund-level data and powerful investing tools for smarter, sharper decisions
- Discover top-performing stock ideas and upgrade to a portfolio of market leaders with Smart Investor Picks
The company’s LinkedIn post highlights that the issue exploits gaps in OAuth2 scope validation and can impact both currently supported and older, unsupported Spring versions. The post further suggests that users running end-of-life Spring releases face heightened risk because no upstream security fixes are expected for those versions.
As described in the post, HeroDevs positions its Never-Ending Support (NES) for Spring as providing patched, drop-in replacements to mitigate such vulnerabilities while customers plan upgrades. For investors, this messaging indicates a focus on monetizing long-term support for legacy Java and Spring environments, a niche where enterprises often have limited alternatives and high switching costs.
The emphasis on security vulnerabilities and unsupported software could signal growing demand for extended support services in regulated or risk-sensitive sectors. If HeroDevs can convert security-driven urgency into recurring NES contracts, the company may strengthen its revenue visibility and deepen its role in the application security and legacy software maintenance market.