Описание
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
A flaw was found in Spring Framework. Applications that handle file uploads are vulnerable to a denial of service (DoS) attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| A-MQ Clients 2 | springframework | Not affected | ||
| Red Hat build of Quarkus | springframework | Not affected | ||
| Red Hat Data Grid 8 | springframework | Not affected | ||
| Red Hat Decision Manager 7 | springframework | Fix deferred | ||
| Red Hat Integration Camel K 1 | springframework | Not affected | ||
| Red Hat Integration Camel Quarkus 1 | springframework | Not affected | ||
| Red Hat Integration Data Virtualisation Operator | springframework | Out of support scope | ||
| Red Hat JBoss BRMS 5 | springframework | Out of support scope | ||
| Red Hat JBoss Data Grid 7 | springframework | Out of support scope | ||
| Red Hat JBoss Data Virtualization 6 | springframework | Out of support scope |
Показывать по
Дополнительная информация
Статус:
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupp ...
EPSS
5.3 Medium
CVSS3