We are aware of the recent Spring Framework vulnerability disclosure, CVE-2022-22965. HashiCorp products and services are built using the Go language and ecosystem, and do not utilize Java or specifically the Spring Framework. HashiCorp products and services have no known direct exposure at this point in time.
One specific HashiCorp-related project of potential relevance is Spring Vault, a third-party integration with Vault. This is not a HashiCorp product, and we'd look to that project and its community to provide any specific guidance on remediation, but we suspect that exposure will be at the framework level rather than being specific to this project.
More broadly, beyond HashiCorp’s core products and services, HashiCorp utilizes software products and cloud services from a range of third parties across our business. We continue to systematically evaluate these for exposure and take action as appropriate.