CVE-2022-22971 @ Maven-org.springframework:spring-core-3.2.4.RELEASE

Question

CVE-2022-22971 @ Maven-org.springframework:spring-core-3.2.4.RELEASE

Opened this issue 7 months ago · 0 comments

cristovaoolegario commented 7 months ago

Checkmarx (SCA): Vulnerable Package
Vulnerability: Read More about CVE-2022-22971
Checkmarx Project: cristovaoolegario/astlab
Repository URL: https://github.com/cristovaoolegario/astlab
Branch: main
Scan ID: 39e7da3c-31d5-48d8-8e52-19c01426aaab

In Spring Framework versions 5.2.0 through 5.2.21, 5.3.0 through 5.3.19, and older unsupported versions, application with a "STOMP" over "WebSocket" endpoint is vulnerable to a Denial of Service attack by an authenticated user.

Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: NONE
Availability impact: HIGH
Remediation Upgrade Recommendation: 4.0.0.M3