Lucene search

[email protected]NVD:CVE-2024-22271

HistoryJul 09, 2024 - 1:15 p.m.

CVE-2024-22271

2024-07-0913:15:09

CWE-20

[email protected]

web.nvd.nist.gov

spring cloud function

dos attack

vulnerability

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

EPSS

0.001

Percentile

38.7%

JSON

In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions.

Specifically, an application is vulnerable when all of the following are true:

User is using Spring Cloud Function Web module

Affected Spring Products and Versions Spring Cloud Function Framework 4.1.0 to 4.1.2 4.0.0 to 4.0.8

References https://spring.io/security/cve-2022-22979 https://checkmarx.com/blog/spring-function-cloud-dos-cve-2022-22979-and-unintended-function-invocation/ History 2020-01-16: Initial vulnerability report published.

References

spring.io/security/cve-2024-22271

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

EPSS

0.001

Percentile

38.7%

JSON

Related for NVD:CVE-2024-22271

cvelist2 cve2 vulnrichment1 osv3 github2 prion1 redhatcve1 veracode2 nvd1 spring1 oracle2