Spring Cloud Function Web DOS Vulnerability
CVE-2024-22271

8.2HIGH

Key Information:

Vendor: Spring By Vmware Tanzu
Status: Spring Cloud Function Framework
Vendor: CVE Published:; 9 July 2024

Summary

The Spring Cloud Function Framework is susceptible to a Denial of Service (DoS) attack when users attempt to compose functions that do not exist. This vulnerability is present in versions 4.1.x prior to 4.1.2 and 4.0.x prior to 4.0.8, specifically when the Spring Cloud Function Web module is employed. Exploiting this vulnerability could hinder the application's functionality and accessibility, as it can cause significant interruptions when improper function compositions occur.

Affected Version(s)

Spring Cloud Function Framework Spring Cloud Function Framework 4.1.0-4.1.2, Spring Cloud Function Framework 4.0.0-4.0.8

References

https://spring.io/security/cve-2024-22271

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 9, 2024