Spring Cloud Function Web DOS Vulnerability
CVE-2024-22271

8.2HIGH

Key Information:

Vendor: Spring By Vmware Tanzu
Status: Spring Cloud Function Framework
Vendor: CVE Published:; 9 July 2024

🔔 Create Spring By Vmware Tanzu Vulnerability Alert

What is CVE-2024-22271?

The Spring Cloud Function Framework is susceptible to a Denial of Service (DoS) attack when users attempt to compose functions that do not exist. This vulnerability is present in versions 4.1.x prior to 4.1.2 and 4.0.x prior to 4.0.8, specifically when the Spring Cloud Function Web module is employed. Exploiting this vulnerability could hinder the application's functionality and accessibility, as it can cause significant interruptions when improper function compositions occur.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Spring Cloud Function Framework Spring Cloud Function Framework 4.1.0-4.1.2, Spring Cloud Function Framework 4.0.0-4.0.8

References

https://spring.io/security/cve-2024-22271

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 9, 2024

JSON

Spring By Vmware Tanzu