veracode-repository-ruleset / verademo-java-maven

CVE: 2022-22970 found in Spring Beans - Version: 4.3.10.RELEASE [JAVA] #40

Open github-actions[bot] opened 8 months ago

github-actions[bot] commented 8 months ago

Veracode Software Composition Analysis

| Attribute | Details |
| --- | --- |
| Library | Spring Beans |
| Description | Spring Beans |
| Language | JAVA |
| Vulnerability | Denial Of Service (DoS) |
| Vulnerability description | spring-beans is vulnerable to denial of service. The vulnerability exists in CachedIntrospectionResults.java because applications that handle files are not properly validated, which allows an attacker to crash the application. |
| CVE | 2022-22970 |
| CVSS score | 3.5 |
| Vulnerability present in version/s | 3.0.3.RELEASE-4.3.30.RELEASE |
| Found library version/s | 4.3.10.RELEASE |
| Vulnerability fixed in version | 5.3.20 |
| Library latest version | 6.1.1 |
| Fix | There is no fixed version released in this version range. Apply the below fix or use the updated 5.3.20 or 5.2.22 packages |

Links:

github-actions[bot] commented 6 months ago

Veracode issue link to PR: https://github.com/veracode-repository-ruleset/verademo-java-maven/pull/54