Maven package
org.springframework.cloud/spring-cloud-function-context
pkg:maven/org.springframework.cloud/spring-cloud-function-context
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-22271 | High | 8.2 | — | >= 4.0.0, < 4.0.8 | 4.0.8 | Jul 9, 2024 | In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when all of the following are true: |
| CVE-2022-22963 | — | — | KEV | >= 3.2.0, < 3.2.3 | 3.2.3 | Apr 1, 2022 | In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources. |