CVE-2022-22950

Summary

n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.

Affected Software

VendorProductVersion RangeStatus
n/aSpring FrameworkSpring Framework versions 5.3.X prior to 5.3.17+ and all old and unsupported versionsaffected

Weaknesses

  • CWE-770: CWE-770: Allocation of Resources Without Limits or Throttling

ADP Enrichment

CVE Program Container

Additional References

References