115 matches found
Denial of Service in Spring Cloud Function
In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework...
CVE-2022-22979
In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework...
CVE-2022-22979
In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework...
CVE-2022-22979
In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework...
Race condition
In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework...
CVE-2022-22979
In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework...
CVE-2022-22979
CVE-2022-22979 affects Spring Cloud Function Framework (Function Catalog) where a caching issue can allow a denial-of-service condition when a user directly interacts with framework-provided lookup functionality. Affected versions include Spring Cloud Function Framework 4.1.x prior to 4.1.2 and 4...
Spring Cloud 安全漏洞
Spring Cloud is a microservices framework implemented in Spring Boot by the Spring community. A security vulnerability exists in Spring Cloud Function versions prior to 3.2.6, which stems from a caching issue in the Function Catalog component and is exploited by an attacker to cause a denial of...
PT-2022-7238 · Unknown · Spring Cloud Function
Name of the Vulnerable Software and Affected Versions: Spring Cloud Function versions prior to 3.2.6 Description: The issue is related to a caching problem in the Function Catalog component, which can cause a denial-of-service condition when a user directly interacts with the framework's lookup...
Denial Of Service (DoS)
spring-cloud-function-context is denial of service. An attacker who directly interacts with framework can send malicious payload to the lookup function, triggering a caching issue in Function Catalog component of the framework and crashing the application...
CVE report published for Spring Cloud Function
We have released Spring Cloud Function 3.2.6 to address the following CVE report. CVE-2202-22979: Spring Cloud Function Dos Vulnerability Please review the information in the CVE report and upgrade immediately...
Spring Cloud Function Dos Vulnerability
In Spring Cloud Function versions 3.2.5 and older unsupported versions, it is possible for a user who directly interacts with framework provided lookup functionality to cause denial of service condition due to the caching issue in Function Catalog component of the framework. At the time of writin...
This Week in Spring - May 17th, 2022
Hi, Spring fans! Welcome to another installment of This Week in Spring! I am in beautiful Barcelona, Spain, this week, ahead of the upcoming Spring I/O show. I just spent a wonderful week in amazing England, meeting old friends, speaking at Devoxx UK, etc. A Bootiful Podcast: EasyMock contributor...
Exploit for Code Injection in Vmware Spring_Cloud_Function
Spring Cloud Function SpEL Expression Injection Vulnerability...
VMware Spring Cloud Function < 3.1.7 / 3.2.x < 3.2.3 SPEL Expression Injection (local check)
The version of Spring Cloud Function running on the remote host is affected by a remote code execution vulnerability in the routing functionality. A remote, unauthenticated attacker could provide a specially crafted SpEL as a routing expression that may result in remote code execution on the remo...
spring-cloud-function: Remote code execution by malicious Spring Expression
A flaw was found in Spring Cloud Function via the spring.cloud.function.routing-expression header that is modified by the attacker to contain malicious expression language code. The attacker is able to call functions that should not normally be accessible, including runtime exec calls...
Spring Cloud Function Remote Code Execution
Added: 04/05/2022 Background Spring Cloud Function abstracts all transport details and infrastructure, allowing developers to keep all familiar tools and processes and focus on business logic. Problem Spring Cloud Function has remote code execution vulnerability. An attacker could provide a craft...
Spring Cloud Function Remote Code Execution
Added: 04/05/2022 Background Spring Cloud Function abstracts all transport details and infrastructure, allowing developers to keep all familiar tools and processes and focus on business logic. Problem Spring Cloud Function has remote code execution vulnerability. An attacker could provide a craft...
BSA-2022-1768
Security Advisory ID : BSA-2022-1768 Component : Spring Cloud Revision : 1.0 In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in...
city.smartb.f2:f2-spring-boot-starter-function (>=0.2.2 <=0.6.0), city.smartb.f2:f2-spring-boot-starter-function-http (>=0.2.2 <=0.6.0) +412 more potentially affected by CVE-2022-22963 via org.springframework.cloud:spring-cloud-function-context (>=3.2.0 <=3.2.2)
org.springframework.cloud:spring-cloud-function-context MAVEN version =3.2.0, =0.2.2, =0.2.2, =0.2.2, =0.2.0, =0.2.0, =0.2.0, =0.5.0, =0.2.0, =0.2.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.6.0 and more Source cves: CVE-2022-22963 Source advisory: OSV:GHSA-6V73-FGF6-W5J7...