CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2022-22971 – springframework: DoS with STOMP over WebSocket
https://notcve.org/view.php?id=CVE-2022-22971
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user. En spring framework versiones anteriores a 5.3.20+ , 5.2.22+ y las versiones antiguas no soportadas, la aplicación con un endpoint STOMP sobre WebSocket es vulnerable a un ataque de denegación de servicio por parte de un usuario autenticado A flaw was found in Spring Framework Applications. Applications that use STOMP over the WebSocket endpoint are vulnerable to a denial of service attack caused by an authenticated user. • https://github.com/tchize/CVE-2022-22971 https://security.netapp.com/advisory/ntap-20220616-0003 https://tanzu.vmware.com/security/cve-2022-22971 https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2022-22971 https://bugzilla.redhat.com/show_bug.cgi?id=2087274 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 10EXPL: 0CVE-2022-22970 – springframework: DoS via data binding to multipartFile or servlet part
https://notcve.org/view.php?id=CVE-2022-22970
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object. En spring Framework versiones anteriores a 5.3.20+ , 5.2.22+ y las versiones antiguas no soportadas, las aplicaciones que manejan cargas de archivos son vulnerables a un ataque de denegación de servicio si dependen de la vinculación de datos para establecer un MultipartFile o javax.servlet.Part a un campo en un objeto modelo A flaw was found in Spring Framework. Applications that handle file uploads are vulnerable to a denial of service (DoS) attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object. • https://security.netapp.com/advisory/ntap-20220616-0006 https://tanzu.vmware.com/security/cve-2022-22970 https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2022-22970 https://bugzilla.redhat.com/show_bug.cgi?id=2087272 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 12EXPL: 0CVE-2022-22968 – Framework: Data Binding Rules Vulnerability
https://notcve.org/view.php?id=CVE-2022-22968
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path. En Spring Framework versiones 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, y en las versiones anteriores no soportadas, los patrones para disallowedFields en un DataBinder distinguen entre mayúsculas y minúsculas, lo que significa que un campo no está efectivamente protegido a menos que aparezca con mayúsculas y minúsculas para el primer carácter del campo, incluyendo mayúsculas y minúsculas para el primer carácter de todos los campos anidados dentro de la ruta de la propiedad • https://security.netapp.com/advisory/ntap-20220602-0004 https://tanzu.vmware.com/security/cve-2022-22968 https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2022-22968 https://bugzilla.redhat.com/show_bug.cgi?id=2075441 • CWE-20: Improper Input Validation CWE-178: Improper Handling of Case Sensitivity •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22950 – spring-expression: Denial of service via specially crafted SpEL expression
https://notcve.org/view.php?id=CVE-2022-22950
n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition. En Spring Framework versiones 5.3.0 - 5.3.16 y en las versiones anteriores no soportadas, es posible que un usuario proporcione una expresión SpEL especialmente diseñada que puede causar una condición de denegación de servicio A flaw was found in the Spring Framework. This flaw allows an attacker to craft a special Spring Expression, causing a denial of service. • https://tanzu.vmware.com/security/cve-2022-22950 https://access.redhat.com/security/cve/CVE-2022-22950 https://bugzilla.redhat.com/show_bug.cgi?id=2069414 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.8EPSS: 97%CPEs: 97EXPL: 25CVE-2022-22965 – Spring Framework JDK 9+ Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-22965
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. Una aplicación Spring MVC o Spring WebFlux que es ejecutada en JDK 9+ puede ser vulnerable a la ejecución de código remota (RCE) por medio de una vinculación de datos. • https://github.com/0zvxr/CVE-2022-22965 https://github.com/alt3kx/CVE-2022-22965 https://github.com/zangcc/CVE-2022-22965-rexbb https://github.com/Kirill89/CVE-2022-22965-PoC https://github.com/tangxiaofeng7/CVE-2022-22965-Spring-Core-Rce https://github.com/p1ckzi/CVE-2022-22965 https://github.com/me2nuk/CVE-2022-22965 https://github.com/light-Life/CVE-2022-22965-GUItools https://github.com/viniciuspereiras/CVE-2022-22965-poc https://github.com/itsecurityco/CVE-2022-2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •