CVE-2022-22979: Allocation of Resources Without Limits or Throttling in VMware Spring Cloud Function

Severity: 7.5 HIGH (NVD)
EPSS: 0.7% (top 28.75%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 21, latest update Jul 9

Description

In Spring Cloud Function versions prior to 3.2.6, a user who interacts directly with the framework-provided lookup functionality can cause a denial-of-service condition due to a caching issue in the Function Catalog component of the framework.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5: vmware/spring_cloud_function, Spring Cloud Function (prior to 3.2.6)

🔴 Vulnerability Details (4)

GHSA: Spring Cloud Function Framework vulnerable to Denial of Service (2024-07-09)
GHSA: Denial of Service in Spring Cloud Function (2022-06-22)
OSV: Denial of Service in Spring Cloud Function (2022-06-22)
CVEList: CVE-2022-22979: In Spring Cloud Function versions prior to 3 (2022-06-21)

📋 Vendor Advisories (3)

Red Hat: spring-cloud-function-context: Spring Cloud Function Web DOS Vulnerability (2024-07-09)
Oracle: Oracle Financial Services Applications Risk Matrix: Reports (Spring Cloud Function) — CVE-2022-22979 (2024-01-15)
Oracle: Oracle Financial Services Applications Risk Matrix: Base (Spring Cloud Function) — CVE-2022-22979 (2023-04-15)