Lucene search

115 matches found

Github Security Blog
added 2022/06/22 12:0 a.m. · 23 views

Denial of Service in Spring Cloud Function

In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework...

7.5 CVSS · 3.6 AI score · 0.0127 EPSS
Exploits 0 · References 3 · Affected Software 1
NVD
added 2022/06/21 3:15 p.m. · 22 views

CVE-2022-22979

In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework...

7.5 CVSS · 0.0127 EPSS
Exploits 0 · References 1
ATTACKERKB
added 2022/06/21 3:15 p.m. · 5 views

CVE-2022-22979

In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework...

7.5 CVSS · 6.7 AI score · 0.0127 EPSS
Exploits 0 · References 2
OSV
added 2022/06/21 3:15 p.m. · 16 views

CVE-2022-22979

In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework...

7.5 CVSS · 7.4 AI score · 0.0127 EPSS
Exploits 0 · References 1
Prion
added 2022/06/21 3:15 p.m. · 19 views

Race condition

In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework...

5 CVSS · 7.4 AI score · 0.0127 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2022/06/21 2:23 p.m. · 32 views

CVE-2022-22979

In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework...

8.1 AI score · 0.0127 EPSS
Exploits 0 · References 1
CVE
added 2022/06/21 2:23 p.m. · 113 views

CVE-2022-22979

CVE-2022-22979 affects Spring Cloud Function Framework (Function Catalog) where a caching issue can allow a denial-of-service condition when a user directly interacts with framework-provided lookup functionality. Affected versions include Spring Cloud Function Framework 4.1.x prior to 4.1.2 and 4...

7.5 CVSS · 7.3 AI score · 0.0127 EPSS
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2022/06/21 12:0 a.m. · 3 views

Spring Cloud Security Vulnerability

Spring Cloud is a microservices framework implemented in Spring Boot by the Spring community. A security vulnerability exists in Spring Cloud Function versions prior to 3.2.6, which stems from a caching issue in the Function Catalog component and is exploited by an attacker to cause a denial of...

7.5 CVSS · 6.7 AI score · 0.0127 EPSS
Exploits 0 · References 3
Positive Technologies
added 2022/06/21 12:0 a.m. · 3 views

PT-2022-7238 · Unknown · Spring Cloud Function

Name of the Vulnerable Software and Affected Versions: Spring Cloud Function versions prior to 3.2.6
Description: The issue is related to a caching problem in the Function Catalog component, which can cause a denial-of-service condition when a user directly interacts with the framework's lookup...

8.2 CVSS · 7.2 AI score · 0.0127 EPSS
Exploits 0 · References 16
Veracode
added 2022/06/16 4:24 a.m. · 28 views

Denial Of Service (DoS)

spring-cloud-function-context is vulnerable to denial of service. An attacker who directly interacts with the framework can send a malicious payload to the lookup function, triggering a caching issue in the Function Catalog component of the framework and crashing the application...

7.5 CVSS · 7.3 AI score · 0.0127 EPSS
Exploits 0 · References 3 · Affected Software 1
Spring Security Advisories
added 2022/06/16 12:8 a.m. · 23 views

CVE report published for Spring Cloud Function

We have released Spring Cloud Function 3.2.6 to address the following CVE report. CVE-2022-22979: Spring Cloud Function Dos Vulnerability. Please review the information in the CVE report and upgrade immediately...

5 CVSS · 2.3 AI score · 0.0127 EPSS
Exploits 0
Spring Security Advisories
added 2022/06/15 12:0 a.m. · 6 views

Spring Cloud Function Dos Vulnerability

In Spring Cloud Function versions 3.2.5 and older unsupported versions, it is possible for a user who directly interacts with framework provided lookup functionality to cause denial of service condition due to the caching issue in Function Catalog component of the framework. At the time of writin...

7.5 CVSS · 6.6 AI score · 0.0127 EPSS
Exploits 0 · References 3
Spring Security Advisories
added 2022/05/17 11:5 p.m. · 33 views

This Week in Spring - May 17th, 2022

Hi, Spring fans! Welcome to another installment of This Week in Spring! I am in beautiful Barcelona, Spain, this week, ahead of the upcoming Spring I/O show. I just spent a wonderful week in amazing England, meeting old friends, speaking at Devoxx UK, etc. A Bootiful Podcast: EasyMock contributor...

7.2 AI score
Exploits 0
GithubExploit
added 2022/04/14 11:10 a.m. · 439 views

Exploit for Code Injection in Vmware Spring_Cloud_Function

Spring Cloud Function SpEL Expression Injection Vulnerability...

9.8 CVSS · 7.7 AI score · 0.99939 EPSS
Exploits 36
Tenable Nessus
added 2022/04/14 12:0 a.m. · 158 views

VMware Spring Cloud Function < 3.1.7 / 3.2.x < 3.2.3 SPEL Expression Injection (local check)

The version of Spring Cloud Function running on the remote host is affected by a remote code execution vulnerability in the routing functionality. A remote, unauthenticated attacker could provide a specially crafted SpEL as a routing expression that may result in remote code execution on the remo...

9.8 CVSS · 9.2 AI score · 0.99939 EPSS
Exploits 36 · References 4
RedHat Linux
added 2022/04/11 8:25 a.m. · 7 views

spring-cloud-function: Remote code execution by malicious Spring Expression

A flaw was found in Spring Cloud Function via the spring.cloud.function.routing-expression header that is modified by the attacker to contain malicious expression language code. The attacker is able to call functions that should not normally be accessible, including runtime exec calls...

9.8 CVSS · 7.1 AI score · 0.99939 EPSS
Exploits 36 · References 7
Saint
added 2022/04/05 12:0 a.m. · 232 views

Spring Cloud Function Remote Code Execution

Added: 04/05/2022. Background: Spring Cloud Function abstracts all transport details and infrastructure, allowing developers to keep all familiar tools and processes and focus on business logic. Problem: Spring Cloud Function has remote code execution vulnerability. An attacker could provide a craft...

9.8 CVSS · 9.8 AI score · 0.99939 EPSS
Exploits 36
Saint
added 2022/04/05 12:0 a.m. · 433 views

Spring Cloud Function Remote Code Execution

Added: 04/05/2022. Background: Spring Cloud Function abstracts all transport details and infrastructure, allowing developers to keep all familiar tools and processes and focus on business logic. Problem: Spring Cloud Function has remote code execution vulnerability. An attacker could provide a craft...

9.8 CVSS · 9.8 AI score · 0.99939 EPSS
Exploits 36
Broadcom
added 2022/04/04 12:0 a.m. · 11 views

BSA-2022-1768

Security Advisory ID: BSA-2022-1768 · Component: Spring Cloud · Revision: 1.0
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in...

9.8 CVSS · 7.6 AI score · 0.99939 EPSS
Exploits 36
vulnersOsv
added 2022/04/03 12:0 a.m. · 4 views

city.smartb.f2:f2-spring-boot-starter-function (>=0.2.2 <=0.6.0), city.smartb.f2:f2-spring-boot-starter-function-http (>=0.2.2 <=0.6.0) +412 more potentially affected by CVE-2022-22963 via org.springframework.cloud:spring-cloud-function-context (>=3.2.0 <=3.2.2)

org.springframework.cloud:spring-cloud-function-context MAVEN version =3.2.0, =0.2.2, =0.2.2, =0.2.2, =0.2.0, =0.2.0, =0.2.0, =0.5.0, =0.2.0, =0.2.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.6.0 and more Source cves: CVE-2022-22963 Source advisory: OSV:GHSA-6V73-FGF6-W5J7...

9.8 CVSS · 7.3 AI score · 0.99939 EPSS
Exploits 36