CVE-2024-22271
- EPSS 0.21%
- Published 09.07.2024 13:15:09
- Last modified 21.11.2024 08:55:56
In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when al...
CVE-2022-22979
- EPSS 0.86%
- Published 21.06.2022 15:15:08
- Last modified 21.11.2024 06:47:43
In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the f...
CVE-2022-22963
- EPSS 94.46%
- Published 01.04.2022 23:15:13
- Last modified 13.03.2025 16:36:53
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access ...