spring-beans is vulnerable to denial of service. The vulnerability exists in CachedIntrospectionResults.java because applications that handle files do not validate them properly, which allows an attacker to crash the application.
CVE: 2022-22970
CVSS score: 3.5
Vulnerability present in version/s: 3.0.3.RELEASE-4.3.30.RELEASE
Found library version/s: 4.3.10.RELEASE
Vulnerability fixed in version: 5.3.20
Library latest version: 6.0.2
Fix: There is no fixed version released in this version range. Apply the fix below or use the updated 5.3.20 or 5.2.22 packages.
Veracode Software Composition Analysis