Vulnerability Database
296,733
Total vulnerabilities in the database
CVE-2022-22950
n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
| Software | From | Fixed in |
|---|---|---|
| vmware / spring_framework | - | 5.2.20 |
| vmware / spring_framework | 5.3.0 | 5.3.17 |
org.springframework / spring-expression
|
5.3.0 | 5.3.17 |
|
org.springframework / spring-expression
|
- | 5.2.20.RELEASE |
- https://github.com/spring-projects/spring-framework/commit/83ac65915871067c39a4fb255e0d484c785c0c11
- https://github.com/spring-projects/spring-framework/issues/28145
- https://github.com/spring-projects/spring-framework/issues/28257
- https://github.com/spring-projects/spring-framework/releases/tag/v5.2.20.RELEASE
- https://github.com/spring-projects/spring-framework/releases/tag/v5.3.17
- https://tanzu.vmware.com/security/cve-2022-22950
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime