CVE-2026-40990
- EPSS 0.21%
- Veröffentlicht 01.06.2026 17:49:16
- Zuletzt bearbeitet 05.06.2026 13:47:12
OOM error is possible while attempting to add infinite amount of functions to Function Registry. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Function 4.1.x: versions prior to 4.1.10 Sprin...
CVE-2026-40989
- EPSS 0.21%
- Veröffentlicht 01.06.2026 17:49:14
- Zuletzt bearbeitet 05.06.2026 13:49:38
Under infinite recursion in the routing layer, request-handling can cause OOM error. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Function 4.1.x: versions prior to 4.1.10 Spring Cloud Func...
CVE-2024-22271
- EPSS 0.36%
- Veröffentlicht 09.07.2024 13:15:09
- Zuletzt bearbeitet 15.04.2026 00:35:42
In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when al...
CVE-2022-22979
- EPSS 1.27%
- Veröffentlicht 21.06.2022 15:15:08
- Zuletzt bearbeitet 21.11.2024 06:47:43
In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the f...
CVE-2022-22963
- EPSS 99.94%
- Veröffentlicht 01.04.2022 23:15:13
- Zuletzt bearbeitet 30.10.2025 19:56:53
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access ...