CVE-2022-22970

Summary

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.

Affected Software

VendorProductVersion RangeStatus
n/aSpring FrameworkSpring Framework versions 5.3.x prior to 5.3.20, 5.2.x prior to 5.2.22 and all old and unsupported versionsaffected

Weaknesses

  • CWE-770: CWE-770: Allocation of Resources Without Limits or Throttling

ADP Enrichment

CVE Program Container

Additional References

References