CVE-2024-22271
Description
In the Spring Cloud Function framework, versions 4.1.x prior to 4.1.2 and 4.0.x prior to 4.0.8, an application is vulnerable to a denial-of-service (DoS) attack when attempting to compose functions with non-existing functions.
Specifically, an application is vulnerable when all of the following are true:
- The application uses the Spring Cloud Function Web module.
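The control-flow defect behind this advisory can be reproduced without Spring on the classpath. The following is an added example written for this page, not code from Spring Cloud Function: it models the per-name loop of `BeanFactoryAwareFunctionRegistry#lookup` as it appears in the fix commit, switchable between the pre-fix condition (`contains(name) && logger.isDebugEnabled()`) and the fixed one, with the bean factory replaced by a fixed set of names. `BEAN_NAMES`, `Registration`, `countAfter` and the simplification that every lookup of an unresolvable composition such as `echo1|any` re-enters this loop are the demo's own assumptions.

```java
import java.util.LinkedHashSet;
import java.util.Set;

/**
 * Added example, not Spring Cloud Function code: a dependency-free model of the
 * per-name loop in BeanFactoryAwareFunctionRegistry#lookup, switchable between
 * the pre- and post-GH-1139 condition, so the effect of the log level on the
 * registration set can be observed. The bean factory is modelled as a fixed set
 * of names (an assumption for the demo).
 */
public class CompositionRegistryDemo {

    /** Names the modelled bean factory resolves; anything else is "non-existing". */
    private static final Set<String> BEAN_NAMES = Set.of("echo1", "uppercase");

    /** Minimal stand-in for FunctionRegistration: one registration and its names. */
    static final class Registration {
        final Set<String> names = new LinkedHashSet<>();
        Registration(String name) { names.add(name); }
    }

    private final Set<Registration> functionRegistrations = new LinkedHashSet<>();
    private final boolean debugEnabled;
    private final boolean patched;

    CompositionRegistryDemo(boolean debugEnabled, boolean patched) {
        this.debugEnabled = debugEnabled;
        this.patched = patched;
    }

    /** All names currently registered (what super.getNames(null) supplies in the real loop). */
    private Set<String> registeredNames() {
        Set<String> names = new LinkedHashSet<>();
        for (Registration r : functionRegistrations) {
            names.addAll(r.names);
        }
        return names;
    }

    /** Stand-in for discoverFunctionInBeanFactory: non-null only for known beans. */
    private static Object discoverFunctionInBeanFactory(String name) {
        return BEAN_NAMES.contains(name) ? name : null;
    }

    /** Walks a definition such as "echo1|any" with either the old or the fixed condition. */
    void lookup(String functionDefinition) {
        Set<String> present = registeredNames();
        String[] functionNames = functionDefinition.replaceAll(",", "|").trim().split("\\|");
        for (String functionName : functionNames) {
            // Pre-fix: the presence check was AND-ed with isDebugEnabled(), so with
            // debug logging off an already-registered name fell through to "else".
            boolean alreadyPresent = patched
                    ? present.contains(functionName)
                    : present.contains(functionName) && debugEnabled;
            if (alreadyPresent) {
                if (debugEnabled) {
                    System.out.println("Skipping function '" + functionName + "' since it is already present");
                }
            } else {
                Object candidate = discoverFunctionInBeanFactory(functionName);
                if (candidate != null) {
                    // The real code wraps the bean in a new FunctionRegistration here;
                    // without the fix this happens on every lookup of the same name.
                    functionRegistrations.add(new Registration(functionName));
                }
                // A null candidate ("any", "foo", ...) is simply not registered.
            }
        }
    }

    int registrationCount() {
        return functionRegistrations.size();
    }

    /** Performs the same composition lookup repeatedly and reports the registration count. */
    static int countAfter(boolean debugEnabled, boolean patched, int lookups) {
        CompositionRegistryDemo registry = new CompositionRegistryDemo(debugEnabled, patched);
        for (int i = 0; i < lookups; i++) {
            registry.lookup("echo1|any");
        }
        return registry.registrationCount();
    }

    public static void main(String[] args) {
        System.out.println("unpatched, debug off: " + countAfter(false, false, 10));
        System.out.println("unpatched, debug on : " + countAfter(true, false, 10));
        System.out.println("patched,   debug off: " + countAfter(false, true, 10));
    }
}
```

Run with `java CompositionRegistryDemo.java` (Java 11 or later). With the old condition and debug logging off, every lookup re-discovers `echo1` and adds another registration, so the set grows by one per request; with debug logging on, or with the fixed condition, the first registration is reused and the set stays at one. That dependence on the log level is why a test environment with debug logging enabled would not have exposed the regression.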
Affected Spring Products and Versions
Spring Cloud Function Framework
- 4.1.0 up to, but not including, 4.1.2 (fixed in 4.1.2)
- 4.0.0 up to, but not including, 4.0.8 (fixed in 4.0.8)
References
- https://spring.io/security/cve-2022-22979 (the earlier advisory for a denial of service in the same function catalog lookup)
- https://checkmarx.com/blog/spring-function-cloud-dos-cve-2022-22979-and-unintended-function-invocation/
History
- 2020-01-16: Initial vulnerability report published.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| org.springframework.cloud:spring-cloud-function-context | Maven | >= 4.0.0, < 4.0.8 | 4.0.8 |
| org.springframework.cloud:spring-cloud-function-context | Maven | >= 4.1.0, < 4.1.2 | 4.1.2 |
Affected products
- Range: >= 4.1.0, < 4.1.2
- Range: >= 4.0.0, < 4.0.8
Patches
59fe298b67fc GH-1139 Fix function composition with non-existing functions
2 files changed · +29 −3
spring-cloud-function-context/src/main/java/org/springframework/cloud/function/context/catalog/BeanFactoryAwareFunctionRegistry.java+4 −3 modified@@ -144,11 +144,12 @@ public <T> T lookup(Class<?> type, String functionDefinition, String... expected Set<String> functionRegistratioinNames = super.getNames(null); String[] functionNames = StringUtils.delimitedListToStringArray(functionDefinition.replaceAll(",", "|").trim(), "|"); for (String functionName : functionNames) { - if (functionRegistratioinNames.contains(functionName) && logger.isDebugEnabled()) { - logger.debug("Skipping function '" + functionName + "' since it is already present"); + if (functionRegistratioinNames.contains(functionName)) { + if (logger.isDebugEnabled()) { + logger.debug("Skipping function '" + functionName + "' since it is already present"); + } } else { - Object functionCandidate = this.discoverFunctionInBeanFactory(functionName); if (functionCandidate != null) { Type functionType = null;
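Review bot: the visible hunk removes `Object functionCandidate = this.discoverFunctionInBeanFactory(functionName);` from the else branch without any `+` replacement, yet the unchanged `if (functionCandidate != null) {` two lines later still uses that variable; if this is a whitespace-only re-indent whose added side was lost in rendering it is fine, otherwise the method would not compile, so please confirm the declaration survives in the committed file. The logic fix itself is correct: making the skip decision depend on `functionRegistratioinNames.contains(functionName)` alone and nesting `logger.isDebugEnabled()` inside it stops an already-registered name from falling through to re-discovery whenever debug logging is off, which is what let a new registration be added on every lookup. Two smaller points: segments that do not exist still reach `discoverFunctionInBeanFactory` on every lookup of the same definition, so a bogus composition remains a per-request bean-factory walk even though it no longer grows the registration set; and the pre-existing `functionRegistratioinNames` misspelling could be corrected while this line is being touched.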
spring-cloud-function-context/src/test/java/org/springframework/cloud/function/context/catalog/BeanFactoryAwareFunctionRegistryTests.java+25 −0 modified@@ -29,6 +29,7 @@ import java.util.List; import java.util.Map; import java.util.Map.Entry; +import java.util.Set; import java.util.concurrent.ExecutorService; import java.util.concurrent.Executors; import java.util.concurrent.TimeUnit; @@ -115,6 +116,30 @@ public void testEmptyPojoConversion() { assertThat(result).isEqualTo("{}"); } + @SuppressWarnings({ "rawtypes", "unchecked" }) + @Test + public void testCompositionWithNonExistingFunction() throws Exception { + FunctionCatalog catalog = this.configureCatalog(CompositionWithNullReturnInBetween.class); + for (int i = 0; i < 10; i++) { + catalog.lookup("echo1|any"); + } + Field functionRegistrationsField = ReflectionUtils.findField(catalog.getClass(), "functionRegistrations"); + functionRegistrationsField.setAccessible(true); + Set<FunctionRegistration> functionRegistrations = (Set) functionRegistrationsField.get(catalog); + assertThat(functionRegistrations.size()).isEqualTo(1); + FunctionRegistration registration = functionRegistrations.iterator().next(); + assertThat(registration.getNames().size()).isEqualTo(1); + assertThat(registration.getNames().iterator().next()).isEqualTo("echo1"); + + for (int i = 0; i < 10; i++) { + catalog.lookup("echo1|any|foo|bar|bye"); + } + assertThat(functionRegistrations.size()).isEqualTo(1); + registration = functionRegistrations.iterator().next(); + assertThat(registration.getNames().size()).isEqualTo(1); + assertThat(registration.getNames().iterator().next()).isEqualTo("echo1"); + } + @SuppressWarnings({ "rawtypes", "unchecked" }) @Test public void testCompositionWithNullReturnInBetween() {
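Review bot: `testCompositionWithNonExistingFunction` targets exactly the regression, but its outcome depends on the log level, which the hunk does not pin down: the pre-fix condition only misbehaved when `logger.isDebugEnabled()` returned false, so if the test logging configuration enables debug for this package the test also passes against the unpatched code. Consider forcing or asserting the logger level inside the test, or otherwise making the assertion independent of logging. The test also reads the private `functionRegistrations` field via reflection and checks only its size and the single name `echo1`; asserting on what `catalog.lookup("echo1|any")` returns for an unresolvable composition would document the caller-visible contract as well. Minor: `Field` and `ReflectionUtils` are used but only `java.util.Set` is added to the imports, so both must already be imported in this class; worth a quick check since the import hunk is the only one visible.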
References
- https://github.com/advisories/GHSA-j4r7-p9fp-w3f3 (GitHub Security Advisory)
- https://nvd.nist.gov/vuln/detail/CVE-2024-22271 (NVD)
- https://github.com/spring-cloud/spring-cloud-function/commit/59fe298b67fcb9249db727a7b3a33612fc7a9f75 (fix commit)
- https://github.com/spring-cloud/spring-cloud-function/issues/1139 (GH-1139)
- https://github.com/spring-cloud/spring-cloud-function/releases/tag/v4.1.2 (release v4.1.2)
- https://spring.io/security/cve-2024-22271 (Spring security advisory)