CVE-2022-22950

UNKNOWN
Published 2022-04-01T22:17:32

No CVSS data available

Description

In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed MODERATE

Allocation of Resources Without Limits or Throttling in Spring Framework

GHSA-558x-2xjg-6232

Advisory Details

In Spring Framework versions 5.3.0 - 5.3.16, 5.2.0.RELEASE - 5.2.19.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.

Affected Packages

Maven org.springframework:spring-expression
ECOSYSTEM: ≥5.3.0 <5.3.17
Maven org.springframework:spring-expression
ECOSYSTEM: ≥0 <5.2.20.RELEASE

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Advisory provided by GitHub Security Advisory Database. Published: April 3, 2022, Modified: March 28, 2023

References

Published: 2022-04-01T22:17:32
Last Modified: 2024-08-03T03:28:42.433Z