CVE-2022-22950
UNKNOWN
Published 2022-04-01T22:17:32
Actions:
Expert Analysis
Professional remediation guidance
Get tailored security recommendations from our analyst team for CVE-2022-22950. We'll provide specific mitigation strategies based on your environment and risk profile.
No CVSS data available
Description
n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
Available Exploits
No exploits available for this CVE.
Related News
No news articles found for this CVE.
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
✓ GitHub Reviewed
MODERATE
Allocation of Resources Without Limits or Throttling in Spring Framework
GHSA-558x-2xjg-6232Advisory Details
In Spring Framework versions 5.3.0 - 5.3.16, 5.2.0.RELEASE - 5.2.19.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
Affected Packages
Maven
org.springframework:spring-expression
ECOSYSTEM:
≥5.3.0
<5.3.17
Maven
org.springframework:spring-expression
ECOSYSTEM:
≥0
<5.2.20.RELEASE
CVSS Scoring
CVSS Score
5.0
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References
Advisory provided by GitHub Security Advisory Database. Published: April 3, 2022, Modified: March 28, 2023
Published: 2022-04-01T22:17:32
Last Modified: 2024-08-03T03:28:42.433Z
Copied to clipboard!