A critical vulnerability has been identified in Spring Framework as listed here - https://tanzu.vmware.com/security/cve-2022-22965 & CVE-2022-22963: Remote code execution in Spring Cloud Function by malicious Spring Expression | Security | VMware Tanzu
Please let us know your responses for the below at the earlies
Do you use the vulnerable version of Spring Framework in Dynare listed in the CVE’s (https://tanzu.vmware.com/security/cve-2022-22965 & CVE-2022-22963: Remote code execution in Spring Cloud Function by malicious Spring Expression | Security | VMware Tanzu)?
I confirm that the Dynare Team does not use the Spring Framework.