CVE-2022-22979: Denial of Service in Spring Cloud Function

June 22, 2022

In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework.

References

github.com/advisories/GHSA-q588-3544-8g33
nvd.nist.gov/vuln/detail/CVE-2022-22979
tanzu.vmware.com/security/cve-2022-22979

Code Behaviors & Features

Detect and mitigate CVE-2022-22979 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →