spring-context is vulnerable to a data binding rules bypass. The disallowedFields patterns of DataBinder are matched case-sensitively, while the BeanWrapper that applies the values resolves property names leniently (a request parameter "Admin" is written to the property "admin"). An attacker can therefore bypass a disallowedFields rule by changing the case of the first character of a field name (or of any nested field name within the property path) and bind HTTP request parameters the application intended to block.
CVE
2022-22968
CVSS score
5
Vulnerability present in version/s
4.0.0.M1-4.3.30.RELEASE
Found library version/s
4.3.10.RELEASE
Vulnerability fixed in version
Library latest version
6.0.6
Fix
There is no fix version in this range (the 4.x line is out of support). Upgrade to a supported Spring Framework line that carries the fix (5.2.21 or 5.3.19 and later), or use alternative packages. Until you can upgrade, list every protected field in disallowedFields with both lower-case and upper-case first characters, including every nested segment of the property path, or switch to an allowedFields allow-list.
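The bypass and the workaround, as an added example that is not part of this advisory or of the Spring project's own code. It assumes spring-context (with spring-beans and spring-core) on the classpath; the Account bean, the field names and the parameter values are constructed for the example, and the behaviour described for "Admin" is that of an affected version such as 4.3.10.RELEASE.

```java
// Added example, not from the advisory or from Spring. Requires spring-context and its
// transitive spring-beans/spring-core dependencies on the classpath.
import org.springframework.beans.MutablePropertyValues;
import org.springframework.validation.DataBinder;

public class DisallowedFieldsBypassDemo {

    /** Form-backing bean constructed for this example; 'admin' must never be client-settable. */
    public static class Account {
        private String name;
        private boolean admin;
        public String getName() { return name; }
        public void setName(String name) { this.name = name; }
        public boolean isAdmin() { return admin; }
        public void setAdmin(boolean admin) { this.admin = admin; }
    }

    /** Binds name/value pairs (a stand-in for HTTP request parameters) under the given disallowedFields. */
    static Account bind(String[] disallowed, String... params) {
        Account target = new Account();
        DataBinder binder = new DataBinder(target, "account");
        binder.setDisallowedFields(disallowed);
        MutablePropertyValues pvs = new MutablePropertyValues();
        for (int i = 0; i + 1 < params.length; i += 2) {
            pvs.add(params[i], params[i + 1]);
        }
        binder.bind(pvs);
        // Parameters dropped by the disallowedFields check are recorded as suppressed fields,
        // not reported as binding errors, so log them when auditing a binder configuration.
        System.out.println("suppressed=" + String.join(",", binder.getBindingResult().getSuppressedFields()));
        return target;
    }

    public static void main(String[] args) {
        // 1. Intended behaviour: the exact field name matches the pattern and is dropped.
        Account a = bind(new String[] {"admin"}, "name", "alice", "admin", "true");
        System.out.println("admin=true -> isAdmin=" + a.isAdmin());

        // 2. Bypass on affected versions: the case-sensitive pattern check does not match
        //    "Admin", but BeanWrapper still resolves "Admin" to the 'admin' property, so the
        //    value lands on the bean.
        Account b = bind(new String[] {"admin"}, "name", "alice", "Admin", "true");
        System.out.println("Admin=true -> isAdmin=" + b.isAdmin());

        // 3. Workaround when an upgrade is not yet possible: list both case variants of the
        //    first character, and do the same for every nested path segment (for example
        //    "owner.admin" and "owner.Admin"). An allow-list via setAllowedFields("name")
        //    is the more robust choice.
        Account c = bind(new String[] {"admin", "Admin"}, "name", "alice", "Admin", "true");
        System.out.println("Admin=true with both variants -> isAdmin=" + c.isAdmin());
    }
}
```

Run it against 4.3.10.RELEASE and the second call shows the bypass: "Admin" is absent from the suppressed-field list and isAdmin() is set, whereas the first and third calls suppress the parameter. On a fixed line the second call is also suppressed, because the patterns are compared case-insensitively.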
Veracode Software Composition Analysis