CVE-2024-22271

HIGH Year: 2024
CVSS v3 Score
8.2
High
Weakness Type
CWE-20
View all →

Vulnerability Description

In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when all of the following are true: User is using Spring Cloud Function Web module Affected Spring Products and Versions Spring Cloud Function Framework 4.1.0 to 4.1.2 4.0.0 to 4.0.8 References https://spring.io/security/cve-2022-22979 https://checkmarx.com/blog/spring-function-cloud-dos-cve-2022-22979-and-unintended-function-invocation/ History 2020-01-16: Initial vulnerability report published.

Related Vulnerabilities

CVE-2012-1168

HIGH
CVSS:8.2(High)

Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified.

CWE-202012

CVE-2016-1182

HIGH
CVSS:8.2(High)

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a ...

CWE-202016

CVE-2016-1441

HIGH
CVSS:8.2(High)

Cisco Cloud Network Automation Provisioner (CNAP) 1.0(0) in Cisco Configuration Assistant (CCA) allows remote attackers to bypass intended filesystem and administrative-endpoint restrictions via GET A...

CWE-202016

CVE-2017-1000368

HIGH
CVSS:8.2(High)

Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution...

CWE-202017

CVE-2017-3752

HIGH
CVSS:8.2(High)

An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaw...

CWE-202017