PT-2022-2028 · Spring Framework
4Ra1N · Published 2022-03-28 · Updated 2025-05-23
CVE-2022-22950 · CVSS v3.1 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Spring Framework versions 5.3.0 through 5.3.16
Spring Framework versions 5.2.0.RELEASE through 5.2.19.RELEASE
Spring Framework older unsupported versions
Description
The Spring Expression Language (SpEL) evaluator in the affected versions does not bound the resources an expression can consume during evaluation. An application that parses and evaluates attacker-supplied SpEL expressions can be made to exhaust CPU or memory with a specially crafted expression, causing a denial of service. The CVSS vector reflects this: no confidentiality or integrity impact, high availability impact, and low privileges required. Only applications that pass untrusted input to the SpEL evaluator are exposed.
Recommendations
For Spring Framework versions 5.3.0 through 5.3.16, upgrade to 5.3.17 or later, the first 5.3.x release containing the fix.
For Spring Framework versions 5.2.0.RELEASE through 5.2.19.RELEASE, upgrade to 5.2.20.RELEASE or later, the first 5.2.x release containing the fix.
For Spring Framework older unsupported versions, migrate to a supported branch (5.3.17 or later), since no fix is published for them.
As a temporary workaround, do not parse attacker-controlled strings as SpEL expressions. Where expression evaluation cannot be avoided, take expressions only from trusted configuration, cap their length, and evaluate them with SimpleEvaluationContext rather than StandardEvaluationContext. This narrows what an expression can reach but does not change the SpEL engine itself, so it is a compensating control until the upgrade is applied, not a replacement for it.
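The following Java example is added here and is not from the advisory or the Spring project. It contrasts the exposed pattern (attacker-controlled text evaluated with StandardEvaluationContext) with a restricted one (length cap plus SimpleEvaluationContext), and adds a helper that compares the running Spring Framework version against the first fixed releases on each branch. The class name, the 200-character cap and the use of SpringVersion (spring-core's version, used here as a proxy for spring-expression) are assumptions.

```java
// Added example, not code from the advisory or from Spring. Class name, the length cap
// and the spring-core version proxy are assumptions.
import org.springframework.core.SpringVersion;
import org.springframework.expression.Expression;
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.SimpleEvaluationContext;
import org.springframework.expression.spel.support.StandardEvaluationContext;

public class SpelExposureCheck {

    // Assumed application-level cap on the length of any externally supplied expression.
    private static final int MAX_EXPRESSION_LENGTH = 200;

    // Exposed pattern: attacker-controlled text is parsed as SpEL and evaluated against a
    // StandardEvaluationContext, which permits T() type references, constructors, bean
    // references and arbitrary method calls. On an unpatched SpEL engine a crafted
    // expression can consume resources without limit and take the service down.
    public static Object evaluateUntrusted(String userSuppliedExpression, Object root) {
        ExpressionParser parser = new SpelExpressionParser();
        Expression expression = parser.parseExpression(userSuppliedExpression);
        return expression.getValue(new StandardEvaluationContext(root));
    }

    // Restricted pattern: reject oversized input and evaluate with SimpleEvaluationContext in
    // read-only data-binding mode, which only allows property reads on the given root
    // (no type references, constructors, bean references, or method invocation unless
    // explicitly enabled). This limits what an expression can reach; it does not patch
    // the engine, so it complements the upgrade rather than replacing it.
    public static Object evaluateRestricted(String expression, Object root) {
        if (expression == null || expression.length() > MAX_EXPRESSION_LENGTH) {
            throw new IllegalArgumentException("SpEL expression rejected: missing or too long");
        }
        ExpressionParser parser = new SpelExpressionParser();
        SimpleEvaluationContext context = SimpleEvaluationContext.forReadOnlyDataBinding().build();
        return parser.parseExpression(expression).getValue(context, root);
    }

    // Returns true when the given Spring Framework version is at or above the first fixed
    // release on its branch (5.3.17 / 5.2.20.RELEASE). 5.1 and older are unsupported and
    // unpatched; anything unparsable is treated as affected.
    public static boolean isFixedSpringVersion(String version) {
        if (version == null) {
            return false;
        }
        String[] parts = version.split("\\.");   // "5.2.19.RELEASE" -> ["5","2","19","RELEASE"]
        if (parts.length < 3) {
            return false;
        }
        int major;
        int minor;
        int patch;
        try {
            major = Integer.parseInt(parts[0]);
            minor = Integer.parseInt(parts[1]);
            patch = Integer.parseInt(parts[2]);
        } catch (NumberFormatException e) {
            return false;
        }
        if (major != 5) {
            return major > 5;
        }
        if (minor == 3) {
            return patch >= 17;
        }
        if (minor == 2) {
            return patch >= 20;
        }
        return minor > 3;
    }

    public static void main(String[] args) {
        // SpringVersion reads spring-core's manifest; in a consistent BOM the
        // spring-expression artifact carries the same version.
        String running = SpringVersion.getVersion();
        System.out.println("Spring Framework " + running
                + " contains the CVE-2022-22950 fix: " + isFixedSpringVersion(running));
    }
}
```

Run main on the application's own classpath so the reported version is the one actually deployed. The version helper is deliberately conservative: a snapshot or otherwise unparsable version string is reported as affected so that it is reviewed rather than silently passed.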
Tags: Fix · DoS · Allocation of Resources Without Limits (CWE-770)
Affected Products
Debian
Spring Framework
Zvirt Node