GHSA-rqph-vqwm-22vc
Suggest an improvement- Source
- https://github.com/advisories/GHSA-rqph-vqwm-22vc
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rqph-vqwm-22vc/GHSA-rqph-vqwm-22vc.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-rqph-vqwm-22vc
- Aliases
- Published
- 2022-05-13T00:00:29Z
- Modified
- 2024-03-14T21:05:11.004569Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Allocation of Resources Without Limits or Throttling in Spring Framework
- Details
-
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.
- Database specific
{ "nvd_published_at": "2022-05-12T20:15:00Z", "cwe_ids": [ "CWE-770" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2022-05-24T22:24:29Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2022-22971
- https://github.com/spring-projects/spring-framework/commit/159a99bbafdd6c01871228113d7042c3f83f360f
- https://github.com/spring-projects/spring-framework/commit/dc2947c52df18d5e99cad03383f7d6ba13d031fd
- https://github.com/spring-projects/spring-framework
- https://security.netapp.com/advisory/ntap-20220616-0003
- https://tanzu.vmware.com/security/cve-2022-22971
- https://www.oracle.com/security-alerts/cpujul2022.html
Affected packages
Maven / org.springframework:spring-messaging
Package
- Name
- org.springframework:spring-messaging
- View open source insights on deps.dev
- Purl
- pkg:maven/org.springframework/spring-messaging
Maven / org.springframework:spring-messaging
Package
- Name
- org.springframework:spring-messaging
- View open source insights on deps.dev
- Purl
- pkg:maven/org.springframework/spring-messaging
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.2.22.RELEASE
Affected versions
4.*
4.0.0.RELEASE
4.0.1.RELEASE
4.0.2.RELEASE
4.0.3.RELEASE
4.0.4.RELEASE
4.0.5.RELEASE
4.0.6.RELEASE
4.0.7.RELEASE
4.0.8.RELEASE
4.0.9.RELEASE
4.1.0.RELEASE
4.1.1.RELEASE
4.1.2.RELEASE
4.1.3.RELEASE
4.1.4.RELEASE
4.1.5.RELEASE
4.1.6.RELEASE
4.1.7.RELEASE
4.1.8.RELEASE
4.1.9.RELEASE
4.2.0.RELEASE
4.2.1.RELEASE
4.2.2.RELEASE
4.2.3.RELEASE
4.2.4.RELEASE
4.2.5.RELEASE
4.2.6.RELEASE
4.2.7.RELEASE
4.2.8.RELEASE
4.2.9.RELEASE
4.3.0.RELEASE
4.3.1.RELEASE
4.3.2.RELEASE
4.3.3.RELEASE
4.3.4.RELEASE
4.3.5.RELEASE
4.3.6.RELEASE
4.3.7.RELEASE
4.3.8.RELEASE
4.3.9.RELEASE
4.3.10.RELEASE
4.3.11.RELEASE
4.3.12.RELEASE
4.3.13.RELEASE
4.3.14.RELEASE
4.3.15.RELEASE
4.3.16.RELEASE
4.3.17.RELEASE
4.3.18.RELEASE
4.3.19.RELEASE
4.3.20.RELEASE
4.3.21.RELEASE
4.3.22.RELEASE
4.3.23.RELEASE
4.3.24.RELEASE
4.3.25.RELEASE
4.3.26.RELEASE
4.3.27.RELEASE
4.3.28.RELEASE
4.3.29.RELEASE
4.3.30.RELEASE
5.*
5.0.0.RELEASE
5.0.1.RELEASE
5.0.2.RELEASE
5.0.3.RELEASE
5.0.4.RELEASE
5.0.5.RELEASE
5.0.6.RELEASE
5.0.7.RELEASE
5.0.8.RELEASE
5.0.9.RELEASE
5.0.10.RELEASE
5.0.11.RELEASE
5.0.12.RELEASE
5.0.13.RELEASE
5.0.14.RELEASE
5.0.15.RELEASE
5.0.16.RELEASE
5.0.17.RELEASE
5.0.18.RELEASE
5.0.19.RELEASE
5.0.20.RELEASE
5.1.0.RELEASE
5.1.1.RELEASE
5.1.2.RELEASE
5.1.3.RELEASE
5.1.4.RELEASE
5.1.5.RELEASE
5.1.6.RELEASE
5.1.7.RELEASE
5.1.8.RELEASE
5.1.9.RELEASE
5.1.10.RELEASE
5.1.11.RELEASE
5.1.12.RELEASE
5.1.13.RELEASE
5.1.14.RELEASE
5.1.15.RELEASE
5.1.16.RELEASE
5.1.17.RELEASE
5.1.18.RELEASE
5.1.19.RELEASE
5.1.20.RELEASE
5.2.0.RELEASE
5.2.1.RELEASE
5.2.2.RELEASE
5.2.3.RELEASE
5.2.4.RELEASE
5.2.5.RELEASE
5.2.6.RELEASE
5.2.7.RELEASE
5.2.8.RELEASE
5.2.9.RELEASE
5.2.10.RELEASE
5.2.11.RELEASE
5.2.12.RELEASE
5.2.13.RELEASE
5.2.14.RELEASE
5.2.15.RELEASE
5.2.16.RELEASE
5.2.17.RELEASE
5.2.18.RELEASE
5.2.19.RELEASE
5.2.20.RELEASE
5.2.21.RELEASE