Lucene search
VmwareCVELIST:CVE-2022-22968HistoryApr 14, 2022 - 8:05 p.m.
CVE-2022-22968
2022-04-1420:05:50
vmware
www.cve.org
1
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.
CNA Affected
[
{
"product": "Spring Framework",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions"
}
]
}
]Related
spring
spring
This Week in Spring - April 19th, 2022
2022-04-19 19:00:00
Spring Framework Data Binding Rules Vulnerability (CVE-2022-22968)
2022-04-13 13:00:00
Spring Framework RCE, Early Announcement
2022-03-31 10:27:00
redhatcve
redhatcve
CVE-2022-22968
2022-04-14 08:54:00
prion
prion
Path traversal
2022-04-14 21:15:00
veracode
veracode
Binding Rules Bypass
2022-04-14 13:40:29
openvas
openvas
ubuntucve
ubuntucve
CVE-2022-22968
2022-04-14 00:00:00
nvd
nvd
CVE-2022-22968
2022-04-14 21:15:08
debiancve
debiancve
CVE-2022-22968
2022-04-14 21:15:08
osv
osv
Improper handling of case sensitivity in Spring Framework
2022-04-15 00:00:32
CVE-2022-22968
2022-04-14 21:15:08
github
github
Improper handling of case sensitivity in Spring Framework
2022-04-15 00:00:32
cve
cve
CVE-2022-22968
2022-04-14 21:15:08
f5
f5
trellix
trellix
The Bug Report – April 2022 Edition
2022-05-04 00:00:00
The Bug Report – April 2022 Edition
2022-05-04 00:00:00
redhat
redhat
nessus
nessus
Oracle MySQL Enterprise Monitor (Apr 2022 CPU)
2022-04-20 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00
Oracle Critical Patch Update Advisory - July 2022
2022-07-19 00:00:00
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00