CVE-2022-22979

Source
https://cve.org/CVERecord?id=CVE-2022-22979
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-22979.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-22979
Aliases
Published
2022-06-21T14:23:38Z
Modified
2026-07-08T06:02:10.572407116Z
Summary
[none]
Details

In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework.

Database specific
{
    "cna_assigner": "vmware",
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "Spring Cloud Function (prior to 3.2.6)"
                },
                {
                    "last_affected": "Spring Cloud Function (prior to 3.2.6)"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/22xxx/CVE-2022-22979.json"
}
References

Affected packages

Git / github.com/spring-cloud/spring-cloud-function

Affected ranges

Type
GIT
Repo
https://github.com/spring-cloud/spring-cloud-function
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.2.6"
        }
    ],
    "cpe": "cpe:2.3:a:vmware:spring_cloud_function:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE"
}

Affected versions

v1.*
v1.0.0.M1
v1.0.0.M2
v1.0.0.M3
v1.0.0.M4
v1.0.0.M5
v1.0.0.M6
v1.0.0.RC1
v1.0.0.RC2
v1.0.0.RELEASE
v2.*
v2.0.0.M1
v2.0.0.M2
v2.0.0.M3
v2.0.0.M4
v2.0.0.RC1
v2.0.0.RC2
v2.0.0.RC3
v2.0.0.RELEASE
v2.0.1.RELEASE
v2.1.0.M1
v2.1.0.RC1
v2.1.0.RELEASE
v3.*
v3.0.0.M2
v3.0.0.M3
v3.0.0.RC1
v3.0.0.RC2
v3.0.0.RELEASE
v3.0.1.RELEASE
v3.0.2.RELEASE
v3.0.3.RELEASE
v3.1.0
v3.1.0-M2
v3.1.0-M3
v3.1.0-M4
v3.1.0-M5
v3.1.0-RC1
v3.1.0.M1
v3.1.1
v3.1.2
v3.1.3
v3.2.0
v3.2.0-M1
v3.2.0-M2
v3.2.0-M3
v3.2.0-RC1
v3.2.1
v3.2.2
v3.2.3
v3.2.4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-22979.json"