Hello, our .NET applications make heavily use of Spring.NET (Core, Data, Aop, Wcf services, MVC 5 support, Quartz.NET). We also use spEL to evaluate string values with a logic of placeholders replacements.
Regarding the vulnerability CVE-2022-22950: Spring Expression DoS Vulnerability, I'm quite confident that this problem doesn't affect our applications but some of our customers asked us to provide reassurances about this issue.
Before giving an answer, however, I would like to have your opinion about it.
Hello, our .NET applications make heavily use of Spring.NET (Core, Data, Aop, Wcf services, MVC 5 support, Quartz.NET). We also use spEL to evaluate string values with a logic of placeholders replacements.
Regarding the vulnerability CVE-2022-22950: Spring Expression DoS Vulnerability, I'm quite confident that this problem doesn't affect our applications but some of our customers asked us to provide reassurances about this issue.
Before giving an answer, however, I would like to have your opinion about it.
Thank you very much for your support.