Lucene search
K

115 matches found

Snyk
Snyk
added 2026/05/08 12:0 a.m.11 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the SimpleFunctionRegistry composition. An attacker can exhaust memory or trigger unbounded recursive function composition by supplying crafted function definitions that...

8.7CVSS5.8AI score0.00211EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/08 12:0 a.m.10 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the SimpleFunctionRegistry composition and function wrapper cache in SimpleFunctionRegistry.java. An attacker can exhaust memory by supplying many distinct composed function...

8.7CVSS5.8AI score0.00211EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/05/05 2:42 p.m.75 views

Exploit for Code Injection in Vmware Spring_Cloud_Function

No d...

9.8CVSS7.3AI score0.99939EPSS
Exploits36
GithubExploit
GithubExploit
added 2026/04/28 2:25 p.m.104 views

Exploit for Code Injection in Vmware Spring_Cloud_Function

CVE-2022-22963 — Demo Methodology ⚠️ Overview This demo s...

9.8CVSS9.1AI score0.99939EPSS
Exploits36
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-2370

Malicious code in bioql PyPI...

8.2CVSS6.5AI score0.0036EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-6126

Malicious code in bioql PyPI...

7.5CVSS6.5AI score0.0127EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 11:51 p.m.9 views

CVE-2022-22979

In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework...

7.5CVSS6.6AI score0.0127EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/11/14 12:0 a.m.5 views

The vulnerability in the web module of the Spring Cloud Function software platform allows a attacker to perform a “denial-of-service” attack.

The vulnerability in the Spring Cloud Function software platform’s web module is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute a “denial-of-service” attack...

8.5CVSS6.8AI score0.0036EPSS
Exploits0References5Affected Software1
vulnersOsv
vulnersOsv
added 2024/08/23 9:30 a.m.5 views

com.alipay.sofa.koupleless:arklet-springboot-starter (>=2.1.0 <=2.1.11), com.alipay.sofa.koupleless:koupleless-base-starter (>=2.1.0 <=2.1.11) +8 more potentially affected by CVE-2024-38807 via org.springframework.boot:spring-boot-loader (>=3.2.0 <=3.2.7)

org.springframework.boot:spring-boot-loader MAVEN version =3.2.0, =2.1.0, =2.1.0, =4.2.0, =4.2.0, =3.1.0, =0.4.0, =4.3.0, =4.1.0, =4.1.0, =4.1.5 Source cves: CVE-2024-38807 Source advisory: OSV:GHSA-7CJ3-X93G-GJ76...

6.3CVSS7.2AI score0.00123EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/08/23 9:30 a.m.5 views

io.americanexpress.synapse:sample-function-greeter-gcp (>=0.4.15 <=0.4.16), io.zipkin:zipkin-server (>=3.3.1 <=3.4.1) +3 more potentially affected by CVE-2024-38807 via org.springframework.boot:spring-boot-loader-classic (>=3.3.0 <=3.3.2)

org.springframework.boot:spring-boot-loader-classic MAVEN version =3.3.0, =0.4.15, =3.3.1, =3.3.0, =3.3.13 - org.springframework.cloud:spring-cloud-function-adapter-gcp =4.1.6 - org.springframework.cloud:spring-cloud-function-deployer =4.1.6 Source cves: CVE-2024-38807 Source advisory:...

6.3CVSS7.2AI score0.00123EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/07/09 3:30 p.m.6 views

ch.sbb:spring-cloud-stream-binder-solace (>=4.0.0 <=4.0.1), cn.herodotus.engine:message-kafka-spring-boot-starter (>=3.2.0.0 <=3.3.0.2) +441 more potentially affected by CVE-2024-22271 via org.springframework.cloud:spring-cloud-function-context (>=4.1.0 <=4.1.1)

org.springframework.cloud:spring-cloud-function-context MAVEN version =4.1.0, =4.0.0, =3.2.0.0, =3.2.0.0, =3.2.0.0, =3.2.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =2023.0.0.0-RC1, =2023.0.0.0-RC1, =5.8.0, =5.8.0, =5.8.0, =5.13...

8.2CVSS7.1AI score0.0036EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/07/09 3:30 p.m.6 views

city.smartb.cccev:api-commons-jvm (>=0.14.0 <=0.15.0-RC2), city.smartb.cccev:cccev-certification-api (>=0.15.0 <=0.15.0-RC2) +397 more potentially affected by CVE-2024-22271 via org.springframework.cloud:spring-cloud-function-context (>=4.0.0 <=4.0.6)

org.springframework.cloud:spring-cloud-function-context MAVEN version =4.0.0, =0.14.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0-RC2 and more Source cves: CVE-2024-22271 Source advisory:...

8.2CVSS7.1AI score0.0036EPSS
Exploits0
OSV
OSV
added 2024/07/09 3:30 p.m.1 views

GHSA-J4R7-P9FP-W3F3 Spring Cloud Function Framework vulnerable to Denial of Service

In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when all of the following are true: User is using Sprin...

8.8CVSS6.8AI score0.0036EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2024/07/09 3:30 p.m.39 views

Spring Cloud Function Framework vulnerable to Denial of Service

In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when all of the following are true: User is using Sprin...

8.2CVSS6.5AI score0.0036EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2024/07/09 2:21 p.m.14 views

CVE-2024-22271

A flaw was found in the Spring Cloud Function framework. Affected versions of this package are vulnerable to denial of service DoS when attempting to compose functions with nonexisting functions. This flaw allows an attacker to trigger a cache overflow. Mitigation Mitigation for this issue is...

7.5CVSS7.7AI score0.0036EPSS
Exploits0References4
NVD
NVD
added 2024/07/09 1:15 p.m.39 views

CVE-2024-22271

In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when all of the following are true: User is using Sprin...

8.2CVSS0.0036EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/07/09 12:50 p.m.20 views

CVE-2024-22271 Spring Cloud Function Web DOS Vulnerability

In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when all of the following are true: User is using Sprin...

8.2CVSS6.6AI score0.0036EPSS
Exploits0References1
CVE
CVE
added 2024/07/09 12:50 p.m.67 views

CVE-2024-22271

The CVE-2024-22271 entry describes a denial-of-service vulnerability in Spring Cloud Function Framework when composing functions with non-existing functions. Affected versions are Spring Cloud Function Framework 4.1.0–4.1.2 and 4.0.0–4.0.8, specifically when using the Web module. The root cause i...

8.2CVSS7.6AI score0.0036EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/09 12:50 p.m.38 views

CVE-2024-22271 Spring Cloud Function Web DOS Vulnerability

In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when all of the following are true: User is using Sprin...

8.2CVSS0.0036EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/07/09 12:0 a.m.7 views

Spring Cloud Security Vulnerabilities

Spring Cloud is a microservices framework based on Spring Boot implementation by the US Spring team. A security vulnerability exists in Spring Cloud Function Framework versions 4.1.x prior to 4.1.2 and 4.0.x prior to 4.0.8, which stems from an application being vulnerable to a denial-of-service...

8.2CVSS6.7AI score0.0036EPSS
Exploits0References3
Rows per page
Query Builder