In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions.
Specifically, an application is vulnerable when all of the following are true:
User is using Spring Cloud Function Web module
Affected Spring Products and Versions Spring Cloud Function Framework 4.1.0 to 4.1.2 4.0.0 to 4.0.8
References https://spring.io/security/cve-2022-22979 https://checkmarx.com/blog/spring-function-cloud-dos-cve-2022-22979-and-unintended-function-invocation/ History 2020-01-16: Initial vulnerability report published.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: vmware
Published: 2024-07-09T12:50:15.845Z
Updated: 2024-08-01T22:43:34.197Z
Reserved: 2024-01-08T18:43:18.957Z
Link: CVE-2024-22271
Vulnrichment
Updated: 2024-08-01T22:43:34.197Z
NVD
Status : Awaiting Analysis
Published: 2024-07-09T13:15:09.887
Modified: 2024-08-01T13:46:54.670
Link: CVE-2024-22271
Redhat