GHSA-hh26-6xwr-ggv7
Suggest an improvement- Source
- https://github.com/advisories/GHSA-hh26-6xwr-ggv7
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hh26-6xwr-ggv7/GHSA-hh26-6xwr-ggv7.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-hh26-6xwr-ggv7
- Aliases
- Published
- 2022-05-13T00:00:28Z
- Modified
- 2024-03-14T21:14:57.079098Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Denial of service in Spring Framework
- Details
-
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
- Database specific
{ "nvd_published_at": "2022-05-12T20:15:00Z", "cwe_ids": [ "CWE-770" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2022-05-25T22:36:56Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2022-22970
- https://github.com/spring-projects/spring-framework/commit/50177b1ad3485bd44239b1756f6c14607476fcf2
- https://github.com/spring-projects/spring-framework/commit/83186b689f11f5e6efe7ccc08fdeb92f66fcd583
- https://github.com/spring-projects/spring-framework
- https://security.netapp.com/advisory/ntap-20220616-0006
- https://tanzu.vmware.com/security/cve-2022-22970
- https://www.oracle.com/security-alerts/cpujul2022.html
Affected packages
Maven / org.springframework:spring-beans
Package
- Name
- org.springframework:spring-beans
- View open source insights on deps.dev
- Purl
- pkg:maven/org.springframework/spring-beans
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.2.22.RELEASE
Affected versions
1.*
1.0-m4
1.0-rc1
1.0
1.0.1
1.2-rc1
1.2-rc2
1.2
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.2.8
1.2.9
2.*
2.0-m1
2.0-m2
2.0-m3
2.0-m4
2.0-m5
2.0-rc1
2.0-rc2
2.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.5
2.5.1
2.5.2
2.5.3
2.5.4
2.5.5
2.5.6
2.5.6.SEC01
2.5.6.SEC02
2.5.6.SEC03
3.*
3.0.0.RELEASE
3.0.1.RELEASE
3.0.2.RELEASE
3.0.3.RELEASE
3.0.4.RELEASE
3.0.5.RELEASE
3.0.6.RELEASE
3.0.7.RELEASE
3.1.0.RELEASE
3.1.1.RELEASE
3.1.2.RELEASE
3.1.3.RELEASE
3.1.4.RELEASE
3.2.0.RELEASE
3.2.1.RELEASE
3.2.2.RELEASE
3.2.3.RELEASE
3.2.4.RELEASE
3.2.5.RELEASE
3.2.6.RELEASE
3.2.7.RELEASE
3.2.8.RELEASE
3.2.9.RELEASE
3.2.10.RELEASE
3.2.11.RELEASE
3.2.12.RELEASE
3.2.13.RELEASE
3.2.14.RELEASE
3.2.15.RELEASE
3.2.16.RELEASE
3.2.17.RELEASE
3.2.18.RELEASE
4.*
4.0.0.RELEASE
4.0.1.RELEASE
4.0.2.RELEASE
4.0.3.RELEASE
4.0.4.RELEASE
4.0.5.RELEASE
4.0.6.RELEASE
4.0.7.RELEASE
4.0.8.RELEASE
4.0.9.RELEASE
4.1.0.RELEASE
4.1.1.RELEASE
4.1.2.RELEASE
4.1.3.RELEASE
4.1.4.RELEASE
4.1.5.RELEASE
4.1.6.RELEASE
4.1.7.RELEASE
4.1.8.RELEASE
4.1.9.RELEASE
4.2.0.RELEASE
4.2.1.RELEASE
4.2.2.RELEASE
4.2.3.RELEASE
4.2.4.RELEASE
4.2.5.RELEASE
4.2.6.RELEASE
4.2.7.RELEASE
4.2.8.RELEASE
4.2.9.RELEASE
4.3.0.RELEASE
4.3.1.RELEASE
4.3.2.RELEASE
4.3.3.RELEASE
4.3.4.RELEASE
4.3.5.RELEASE
4.3.6.RELEASE
4.3.7.RELEASE
4.3.8.RELEASE
4.3.9.RELEASE
4.3.10.RELEASE
4.3.11.RELEASE
4.3.12.RELEASE
4.3.13.RELEASE
4.3.14.RELEASE
4.3.15.RELEASE
4.3.16.RELEASE
4.3.17.RELEASE
4.3.18.RELEASE
4.3.19.RELEASE
4.3.20.RELEASE
4.3.21.RELEASE
4.3.22.RELEASE
4.3.23.RELEASE
4.3.24.RELEASE
4.3.25.RELEASE
4.3.26.RELEASE
4.3.27.RELEASE
4.3.28.RELEASE
4.3.29.RELEASE
4.3.30.RELEASE
5.*
5.0.0.RELEASE
5.0.1.RELEASE
5.0.2.RELEASE
5.0.3.RELEASE
5.0.4.RELEASE
5.0.5.RELEASE
5.0.6.RELEASE
5.0.7.RELEASE
5.0.8.RELEASE
5.0.9.RELEASE
5.0.10.RELEASE
5.0.11.RELEASE
5.0.12.RELEASE
5.0.13.RELEASE
5.0.14.RELEASE
5.0.15.RELEASE
5.0.16.RELEASE
5.0.17.RELEASE
5.0.18.RELEASE
5.0.19.RELEASE
5.0.20.RELEASE
5.1.0.RELEASE
5.1.1.RELEASE
5.1.2.RELEASE
5.1.3.RELEASE
5.1.4.RELEASE
5.1.5.RELEASE
5.1.6.RELEASE
5.1.7.RELEASE
5.1.8.RELEASE
5.1.9.RELEASE
5.1.10.RELEASE
5.1.11.RELEASE
5.1.12.RELEASE
5.1.13.RELEASE
5.1.14.RELEASE
5.1.15.RELEASE
5.1.16.RELEASE
5.1.17.RELEASE
5.1.18.RELEASE
5.1.19.RELEASE
5.1.20.RELEASE
5.2.0.RELEASE
5.2.1.RELEASE
5.2.2.RELEASE
5.2.3.RELEASE
5.2.4.RELEASE
5.2.5.RELEASE
5.2.6.RELEASE
5.2.7.RELEASE
5.2.8.RELEASE
5.2.9.RELEASE
5.2.10.RELEASE
5.2.11.RELEASE
5.2.12.RELEASE
5.2.13.RELEASE
5.2.14.RELEASE
5.2.15.RELEASE
5.2.16.RELEASE
5.2.17.RELEASE
5.2.18.RELEASE
5.2.19.RELEASE
5.2.20.RELEASE
5.2.21.RELEASE
Maven / org.springframework:spring-beans
Package
- Name
- org.springframework:spring-beans
- View open source insights on deps.dev
- Purl
- pkg:maven/org.springframework/spring-beans