CVE-2022-22950

Опубликовано: 01 апр. 2022

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.

Ссылки

https://tanzu.vmware.com/security/cve-2022-22950
Mitigation
Vendor Advisory
https://tanzu.vmware.com/security/cve-2022-22950
Mitigation
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*

Версия до 5.2.20 (исключая)

cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*

Версия от 5.3.0 (включая) до 5.3.17 (исключая)

EPSS

Процентиль: 89%

0.04547

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-770

Связанные уязвимости

CVE-2022-22950

CVSS3: 6.5

ubuntu

около 3 лет назад

n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.

CVE-2022-22950

CVSS3: 7.5

redhat

около 3 лет назад

n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.

CVE-2022-22950

CVSS3: 6.5

debian

около 3 лет назад

n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versi ...

GHSA-558x-2xjg-6232

CVSS3: 6.5

github

около 3 лет назад

Allocation of Resources Without Limits or Throttling in Spring Framework

EPSS

Процентиль: 89%

0.04547

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-770