PT-2024-7898 · Spring · Spring Cloud Function

Devme4F

Published

2024-07-09

Updated

2025-12-28

CVE-2024-22271

CVSS v4.0

8.8

High

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Spring Cloud Function versions 4.0.x prior to 4.0.8 Spring Cloud Function versions 4.1.x prior to 4.1.2

Description The issue is related to insufficient input validation in the Spring Cloud Function web module. This can be exploited by a remote attacker to perform a denial-of-service attack.

Recommendations For Spring Cloud Function versions 4.0.x prior to 4.0.8, update to version 4.0.8 or later. For Spring Cloud Function versions 4.1.x prior to 4.1.2, update to version 4.1.2 or later.

Fix

LPE

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2024-09402

CVE-2024-22271

GHSA-J4R7-P9FP-W3F3

Affected Products

Spring Cloud Function

PT-2024-7898 · Spring · Spring Cloud Function

CVE-2024-22271

Weakness Enumeration

Related Identifiers

Affected Products

References · 15