CVE-2022-22950

Allocation of Resources Without Limits or Throttling in Spring Framework

Description

In Spring Framework versions 5.3.0 - 5.3.16, 5.2.0.RELEASE - 5.2.19.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.

Patch Available

Fix available through Seal Security.  
No upgrade required, protect your application instantly.

Fix without upgrading

Score

Severity

Ecosystem

Java

Publish Date

April 2, 2022

Modified Date

November 7, 2023

Score Vector

Affected Versions