CVE-2024-22271
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Summary
In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions.
Specifically, an application is vulnerable when all of the following are true:
User is using Spring Cloud Function Web module
Affected Spring Products and Versions Spring Cloud Function Framework 4.1.0 to 4.1.2 4.0.0 to 4.0.8
References https://spring.io/security/cve-2022-22979 https://checkmarx.com/blog/spring-function-cloud-dos-cve-2022-22979-and-unintended-function-invocation/ History 2020-01-16: Initial vulnerability report published.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Spring by VMware Tanzu | Spring Cloud Function Framework | Spring Cloud Function Framework 4.1.0-4.1.2, Spring Cloud Function Framework 4.0.0-4.0.8 | affected |
Weaknesses
- Web DOS Vulnerability
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.