Maven package
org.springframework/spring-beans
pkg:maven/org.springframework/spring-beans
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-22970 | — | | | < 5.2.22.RELEASE | 5.2.22.RELEASE | May 12, 2022 | In spring framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object. |
| CVE-2022-22965 | — | | KEV | < 5.2.20.RELEASE | 5.2.20.RELEASE | Apr 1, 2022 | A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. |