CVSS3: 6.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS2: 4 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P

EPSS: 0.002 Low
Percentile: 61.3%
spring-messaging is vulnerable to denial of service. The vulnerability exists because the handleMessageInternal function of SimpleBrokerMessageHandler.java does not properly ignore invalid STOMP frames, allowing an attacker to cause an application crash through the WebSocket endpoint.
github.com/advisories/GHSA-rqph-vqwm-22vc
github.com/spring-projects/spring-framework/commit/159a99bbafdd6c01871228113d7042c3f83f360f
github.com/spring-projects/spring-framework/commit/dc2947c52df18d5e99cad03383f7d6ba13d031fd
github.com/spring-projects/spring-framework/issues/28443
github.com/spring-projects/spring-framework/issues/28444
security.netapp.com/advisory/ntap-20220616-0003/
tanzu.vmware.com/security/cve-2022-22971
www.oracle.com/security-alerts/cpujul2022.html