VYPR

Maven package

org.springframework/spring-beans

pkg:maven/org.springframework/spring-beans

Vulnerabilities (2)

  • CVE-2022-22970 (May 12, 2022)
    affected: < 5.2.22.RELEASE; fixed: 5.2.22.RELEASE

    In Spring Framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to a DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.

  • CVE-2022-22965 [KEV] (Apr 1, 2022)
    affected: < 5.2.20.RELEASE; fixed: 5.2.20.RELEASE

    A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e.