5l1D3R / Github-actions

0 stars 0 forks source link

CVE: 2022-22970 found in Spring Beans - Version: 4.3.10.RELEASE [JAVA] #34

Open github-actions[bot] opened 1 year ago

github-actions[bot] commented 1 year ago

Veracode Software Composition Analysis

Attribute Details
Library Spring Beans
Description Spring Beans
Language JAVA
Vulnerability Denial Of Service (DoS)
Vulnerability description spring-beans is vulnerable to denial of service. . The vulnerability exists in CachedIntrospectionResults.java because applications that handle file not properly validate which allows to attacker crash the application.
CVE 2022-22970
CVSS score 3.5
Vulnerability present in version/s 3.0.3.RELEASE-4.3.30.RELEASE
Found library version/s 4.3.10.RELEASE
Vulnerability fixed in version 5.3.20
Library latest version 6.0.2
Fix There is no fixed version released in this version range. Apply the below fix or use the updated 5.3.20 or 5.2.22 packages

Links:

github-actions[bot] commented 1 year ago

Veracode issue link to PR: https://github.com/5l1D3R/Github-actions/pull/2