CVE-2022-22970
published 2022-05-12CVE-2022-22970: In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if…
medium5.3CVSS 3.1
AVNACHPRLUINSUCNINAH
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libspring-java | — | — |
| oracle | financial_services_crime_and_compliance_management_studio | — | — |
| oracle | financial_services_crime_and_compliance_management_studio | — | — |
| vmware | spring_framework | <= 5.2.21 | — |
| vmware | spring_framework | — | — |
| vmware | spring_framework | 5.3.0 – 5.3.19 | — |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
osv5.3MEDIUM