Spring.Framework.CVE-2022-22950.Denial.of.Service
Description
This indicates an attempt to exploit a denial-of-service vulnerability in Spring Framework.
The vulnerability is due to improper checking of a specially crafted SpEL expression provided by a user. Successful exploitation could allow an attacker to cause a denial of service.
Affected Products
Spring Framework 5.3.0 to 5.3.16
Spring Framework: older, unsupported versions
Impact
Denial of Service: Remote attackers can crash vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://tanzu.vmware.com/security/cve-2022-22950