spring-beans is vulnerable to denial of service. An attacker can crash the application through a model object that has a multipart file or javax.servlet.Part set on one of its fields.
CVE: 2022-22970
CVSS score: 3.5
Vulnerability present in version/s: 3.0.3.RELEASE-4.3.30.RELEASE
Found library version/s: 4.3.10.RELEASE
Vulnerability fixed in version: 5.3.20
Library latest version: 6.0.0-M6
Fix
There is no fixed version released in this version range. Apply the fix below or use the updated 5.3.20 or 5.2.22 packages.
Veracode Software Composition Analysis