VYPR

Maven package

org.springframework.cloud/spring-cloud-function-context

pkg:maven/org.springframework.cloud/spring-cloud-function-context

Vulnerabilities (2)

  • CVE-2024-22271HigJul 9, 2024
    affected >= 4.0.0, < 4.0.8fixed 4.0.8

    In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when all of the following are true:

  • CVE-2022-22963KEVApr 1, 2022
    affected >= 3.2.0, < 3.2.3fixed 3.2.3

    In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.