In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions.
Specifically, an application is vulnerable when all of the following are true:
User is using Spring Cloud Function Web module
Affected Spring Products and Versions Spring Cloud Function Framework 4.1.0 to 4.1.2 4.0.0 to 4.0.8
References https://spring.io/security/cve-2022-22979 https://checkmarx.com/blog/spring-function-cloud-dos-cve-2022-22979-and-unintended-function-invocation/ History 2020-01-16: Initial vulnerability report published.
References
Configurations
No configuration.
History
21 Nov 2024, 08:55
Type | Values Removed | Values Added |
---|---|---|
References | () https://spring.io/security/cve-2024-22271 - |
01 Aug 2024, 13:46
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-20 | |
Summary |
|
09 Jul 2024, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-09 13:15
Updated : 2024-11-21 08:55
NVD link : CVE-2024-22271
Mitre link : CVE-2024-22271
CVE.ORG link : CVE-2024-22271
JSON object : View
Products Affected
No product.
CWE
CWE-20
Improper Input Validation