The vulnerability exists in the Spring core with the JDK version greater or equal to 9.0.

pass: infected