CVE-2022-22971

Summary

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.

Affected Software

VendorProductVersion RangeStatus
n/aSpring FrameworkSpring Framework versions 5.3.x prior to 5.3.20, 5.2.x prior to 5.2.22 and all old and unsupported versionsaffected

Weaknesses

  • CWE-770: CWE-770: Allocation of Resources Without Limits or Throttling

ADP Enrichment

CVE Program Container

Additional References

References