PT-2022-7238 · Unknown · Spring Cloud Function

Published 2022-06-21 · Updated 2024-09-07 · CVE-2022-22979

CVSS v2.0: 7.8 High

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Spring Cloud Function versions prior to 3.2.6

Description

The issue is related to a caching problem in the Function Catalog component, which can cause a denial-of-service condition when a user directly interacts with the framework's lookup functionality. The vulnerability is also associated with an unlimited allocation of resources, potentially allowing a remote attacker to cause a denial of service through the spring-cloud-function-web module.

Recommendations

For versions prior to 3.2.6, update to version 3.2.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the Function Catalog component to minimize the risk of exploitation.

Fix

Allocation of Resources Without Limits

RCE

Weakness Enumeration

Related Identifiers

BDU:2024-00650
BDU:2024-09402
CVE-2022-22979
GHSA-Q588-3544-8G33

Affected Products

Spring Cloud Function