Vulnerabilities (CVE)

Filtered by vendor Vmware Subscribe
Filtered by product Spring Cloud Function
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-22979 1 Vmware 1 Spring Cloud Function 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework.
CVE-2022-22963 2 Oracle, Vmware 28 Banking Branch, Banking Cash Management, Banking Corporate Lending Process Management and 25 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.