Skip to content

CVE: 2022-22950 found in Spring Expression Language (SpEL) - Version: 3.2.15.RELEASE [JAVA] #843

New issue
New issue
Open
Open
CVE: 2022-22950 found in Spring Expression Language (SpEL) - Version: 3.2.15.RELEASE [JAVA]#843
Labels
Severity: MediumMedium severityVeracode Dependency ScanningA Veracode identified vulnerability
@github-actions

Description

@github-actions
github-actions
bot
opened on Sep 24, 2022

Veracode Software Composition Analysis

Attribute Details
Library Spring Expression Language (SpEL)
Description Spring Expression Language (SpEL)
Language JAVA
Vulnerability Denial Of Service (DoS)
Vulnerability description Spring Expression is vulnerable to denial of service. The vulnerability exists due to the creation of large array in a SpEL and sending meaningless error messages to the user which allows an attacker to send crafted SpEL expressions that leads to an out ouf bound error causing an application crash.
CVE 2022-22950
CVSS score 4
Vulnerability present in version/s 3.0.4.RELEASE-5.2.19.RELEASE
Found library version/s 3.2.15.RELEASE
Vulnerability fixed in version 5.2.20.RELEASE
Library latest version 6.0.0-M6
Fix

Links:

Metadata

Metadata

Assignees

No one assigned

    Labels

    Severity: MediumMedium severityVeracode Dependency ScanningA Veracode identified vulnerability

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions