spring-projects / spring-net

Spring Framework for .NET
http://www.springframework.net
Apache License 2.0

Question about CVE-2022-22950: Spring Expression DoS Vulnerability #220

Closed ju29robot closed 2 years ago

ju29robot commented 2 years ago

Hello, our .NET applications make heavy use of Spring.NET (Core, Data, Aop, Wcf services, MVC 5 support, Quartz.NET). We also use SpEL to evaluate string values with placeholder-replacement logic.

Regarding the vulnerability CVE-2022-22950: Spring Expression DoS Vulnerability, I'm quite confident that this problem doesn't affect our applications, but some of our customers asked us to provide reassurances about this issue.

Before giving an answer, however, I would like to have your opinion about it.

Thank you very much for your support.

lahma commented 2 years ago

Based on the version in the CVE, probably not. Spring.NET is version 3.x currently and that CVE describes version 5.x.