CVE-2024-22271

In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when all of the following are true: User is using Spring Cloud Function Web module Affected Spring Products and Versions Spring Cloud Function Framework 4.1.0 to 4.1.2 4.0.0 to 4.0.8 References https://spring.io/security/cve-2022-22979   https://checkmarx.com/blog/spring-function-cloud-dos-cve-2022-22979-and-unintended-function-invocation/  History 2020-01-16: Initial vulnerability report published.
Configurations

No configuration.

History

21 Nov 2024, 08:55

Type Values Removed Values Added
References () https://spring.io/security/cve-2024-22271 - () https://spring.io/security/cve-2024-22271 -

01 Aug 2024, 13:46

Type Values Removed Values Added
CWE CWE-20
Summary
  • (es) En el framework Spring Cloud Function, versiones 4.1.x anteriores a 4.1.2, 4.0.x anteriores a 4.0.8, una aplicación es vulnerable a un ataque de DOS cuando intenta componer funciones con funciones no existentes. Específicamente, una aplicación es vulnerable cuando se cumple todo lo siguiente: El usuario está utilizando el módulo web Spring Cloud Function Productos y versiones de Spring afectados Spring Cloud Function Framework 4.1.0 a 4.1.2 4.0.0 a 4.0.8 Referencias https:// spring.io/security/cve-2022-22979 https://checkmarx.com/blog/spring-function-cloud-dos-cve-2022-22979-and-unintended-function-invocation/ Historia 2020-01-16: Informe inicial de vulnerabilidad publicado.

09 Jul 2024, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-09 13:15

Updated : 2024-11-21 08:55


NVD link : CVE-2024-22271

Mitre link : CVE-2024-22271

CVE.ORG link : CVE-2024-22271


JSON object : View

Products Affected

No product.

CWE
CWE-20

Improper Input Validation