VYPR

Spring Cloud Function

by Spring Cloud

Source repositories

CVEs (3)

  • CVE-2022-22963CriKEVApr 1, 2022
    risk 0.87cvss 9.8epss 1.00

    In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.

  • CVE-2022-22979HigJun 21, 2022
    risk 0.49cvss 7.5epss 0.01

    In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework.

  • CVE-2024-22271HigJul 9, 2024
    risk 0.46cvss 8.2epss 0.00

    In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when all of the following are true: …