VYPR
High severityNVD Advisory· Published May 12, 2022· Updated Aug 3, 2024

CVE-2022-22970

CVE-2022-22970

Description

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.springframework:spring-beansMaven
< 5.2.22.RELEASE5.2.22.RELEASE
org.springframework:spring-beansMaven
>= 5.3.0, < 5.3.205.3.20

Affected products

2

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.