CVE-2022-22971

Name: CVE-2022-22971

Description: In Spring Framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, an application with a STOMP over WebSocket endpoint is vulnerable to a denial-of-service attack by an authenticated user.

NVD Severity: medium

References

| Type | URI |
|---|---|
| MISC | https://tanzu.vmware.com/security/cve-2022-22971 |
| Third Party Advisory | https://security.netapp.com/advisory/ntap-20220616-0003/ |
| Patch | https://www.oracle.com/security-alerts/cpujul2022.html |

Match rules

| CPE URI | Source package | Min version | Max version |
|---|---|---|---|
| cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:* | spring_framework | >= 5.2.0 | <= 5.2.21 |
| cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:* | spring_framework | >= 5.3.0 | <= 5.3.19 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
|---|---|---|---|---|
| jenkins | edge-community | 2.361.2-r0 | Francesco Colista <fcolista@alpinelinux.org> | fixed |
| jenkins | 3.17-community | 2.361.2-r0 | Francesco Colista <fcolista@alpinelinux.org> | fixed |