Products
Spring Cloud Function framework
- 4.1.x prior to 4.1.2
- 4.0.x prior to 4.0.8
Source
security@vmware.com
Tags
CVE-2024-22271 details
Last Modified : July 9, 2024, 6:19 p.m.
Description
In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when all of the following are true: User is using Spring Cloud Function Web module Affected Spring Products and Versions Spring Cloud Function Framework 4.1.0 to 4.1.2 4.0.0 to 4.0.8 References https://spring.io/security/cve-2022-22979 https://checkmarx.com/blog/spring-function-cloud-dos-cve-2022-22979-and-unintended-function-invocation/ History 2020-01-16: Initial vulnerability report published.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8.2 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
Base Score
8.2
Exploitability Score
3.9
Impact Score
4.2
Base Severity
HIGH
Vector String : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
References
URL | Source |
---|---|
https://spring.io/security/cve-2024-22271 | security@vmware.com |