Описание
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.
A flaw was found in Spring Framework Applications. Applications that use STOMP over the WebSocket endpoint are vulnerable to a denial of service attack caused by an authenticated user.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| A-MQ Clients 2 | springframework | Not affected | ||
| Red Hat build of Quarkus | springframework | Not affected | ||
| Red Hat Data Grid 8 | springframework | Not affected | ||
| Red Hat Decision Manager 7 | springframework | Fix deferred | ||
| Red Hat Integration Camel K 1 | springframework | Not affected | ||
| Red Hat Integration Camel Quarkus 1 | springframework | Not affected | ||
| Red Hat Integration Data Virtualisation Operator | springframework | Not affected | ||
| Red Hat JBoss BRMS 5 | springframework | Out of support scope | ||
| Red Hat JBoss Data Grid 7 | springframework | Out of support scope | ||
| Red Hat JBoss Data Virtualization 6 | springframework | Out of support scope |
Показывать по
Дополнительная информация
Статус:
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupp ...
Allocation of Resources Without Limits or Throttling in Spring Framework
Уязвимость программной платформы Spring Framework, связанная с неограниченным распределением ресурсов, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
6.5 Medium
CVSS3