Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE: 2022-22970 found in Spring Beans - Version: 3.2.15.RELEASE [JAVA] #850

Open
github-actions bot opened this issue Sep 24, 2022 · 0 comments
Open

CVE: 2022-22970 found in Spring Beans - Version: 3.2.15.RELEASE [JAVA] #850

github-actions bot opened this issue Sep 24, 2022 · 0 comments
Labels
Severity: Low Low severity Veracode Dependency Scanning A Veracode identified vulnerability

Comments

@github-actions
Copy link

Veracode Software Composition Analysis

Attribute Details
Library Spring Beans
Description Spring Beans
Language JAVA
Vulnerability Denial Of Service (DoS)
Vulnerability description spring-beans is vulnerable to denial of service. An attacker can crash the application through a model object when it sets a multipart file or javax.servlet.Part of a field
CVE 2022-22970
CVSS score 3.5
Vulnerability present in version/s 3.0.3.RELEASE-4.3.30.RELEASE
Found library version/s 3.2.15.RELEASE
Vulnerability fixed in version 5.3.20
Library latest version 6.0.0-M6
Fix There is no fixed version released in this version range. Apply the below fix or use the updated 5.3.20 or 5.2.22 packages

Links:
@github-actions github-actions bot added Severity: Low Low severity Veracode Dependency Scanning A Veracode identified vulnerability labels Sep 24, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Severity: Low Low severity Veracode Dependency Scanning A Veracode identified vulnerability
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
0 participants