PT-2022-9227 · Unknown+1 · Spring Framework+1

Published: 2022-01-07 · Updated: 2022-05-13 · CVE-2021-22060

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Spring Framework versions 5.3.0 through 5.3.13
Spring Framework versions 5.2.0 through 5.2.18
Spring Framework older unsupported versions

Description

The issue allows a user to provide malicious input that causes additional log entries to be inserted. It relates to protecting against additional types of input, and in more places of the Spring Framework codebase.

Recommendations

For Spring Framework versions 5.3.0 through 5.3.13, update to a version that includes the necessary security patches.
For Spring Framework versions 5.2.0 through 5.2.18, update to a version that includes the necessary security patches.
For older unsupported Spring Framework versions, consider upgrading to a supported version that includes the necessary security patches.

Fix


Related Identifiers

CVE-2021-22060
GHSA-6GF2-PVQW-37PH

Affected Products

Debian
Spring Framework