Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-j4r7-p9fp-w3f3: Spring Cloud Function Framework vulnerable to Denial of Service

In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions.

Specifically, an application is vulnerable when all of the following are true:

User is using Spring Cloud Function Web module

Affected Spring Products and Versions Spring Cloud Function Framework 4.1.0 to 4.1.2 4.0.0 to 4.0.8

References https://spring.io/security/cve-2022-22979 https://checkmarx.com/blog/spring-function-cloud-dos-cve-2022-22979-and-unintended-function-invocation/ History 2020-01-16: Initial vulnerability report published.

ghsa
#vulnerability#web#dos#git

Spring Cloud Function Framework vulnerable to Denial of Service

High severity GitHub Reviewed Published Jul 9, 2024 to the GitHub Advisory Database • Updated Jul 9, 2024

ghsa: Latest News

GHSA-vm62-9jw3-c8w3: Gogs has an argument Injection in the built-in SSH server