Vulnerability Database
289,689
Total vulnerabilities in the database
CVE-2022-22950
n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
| Software | From | Fixed in |
|---|---|---|
| vmware / spring_framework | - | 5.2.20 |
| vmware / spring_framework | 5.3.0 | 5.3.17 |
org.springframework / spring-expression
|
5.3.0 | 5.3.17 |
|
org.springframework / spring-expression
|
- | 5.2.20.RELEASE |
- https://github.com/spring-projects/spring-framework/commit/83ac65915871067c39a4fb255e0d484c785c0c11
- https://github.com/spring-projects/spring-framework/issues/28145
- https://github.com/spring-projects/spring-framework/issues/28257
- https://github.com/spring-projects/spring-framework/releases/tag/v5.2.20.RELEASE
- https://github.com/spring-projects/spring-framework/releases/tag/v5.3.17
- https://tanzu.vmware.com/security/cve-2022-22950