veracode-repository-ruleset / verademo-java-maven

CVE: 2022-22968 found in Spring Context - Version: 4.3.10.RELEASE [JAVA] #41

Open github-actions[bot] opened 7 months ago

github-actions[bot] commented 7 months ago

Veracode Software Composition Analysis

| Attribute | Details |
| --- | --- |
| Library | Spring Context |
| Description | Spring Context |
| Language | JAVA |
| Vulnerability | Binding Rules Bypass |
| Vulnerability description | spring-context is vulnerable to binding rules bypass. The vulnerability exists due to lack of sanitization of HTTP request parameters which allows an attacker to bypass the disallowedFields and bind malicious HTTP request parameters. |
| CVE | 2022-22968 |
| CVSS score | 5 |
| Vulnerability present in version/s | 4.0.0.M1-4.3.30.RELEASE |
| Found library version/s | 4.3.10.RELEASE |
| Vulnerability fixed in version | |
| Library latest version | 6.1.1 |
| Fix | There is no fix version in this range. Apply the below fix or use alternative packages. |

Links:

github-actions[bot] commented 4 months ago

Veracode issue link to PR: https://github.com/veracode-repository-ruleset/verademo-java-maven/pull/54