In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
EUVD-2022-4149 | In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object. |
![]() |
GHSA-hh26-6xwr-ggv7 | Denial of service in Spring Framework |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Wed, 16 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
epss
|
epss
|

Status: PUBLISHED
Assigner: vmware
Published:
Updated: 2024-08-03T03:28:42.399Z
Reserved: 2022-01-10T00:00:00
Link: CVE-2022-22970

No data.

Status : Modified
Published: 2022-05-12T20:15:15.037
Modified: 2024-11-21T06:47:42.860
Link: CVE-2022-22970


No data.