org.springframework.cloud:spring-cloud-function-context

Maven2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting org.springframework.cloud:spring-cloud-function-contextpage 1 of 1

CVE-2022-22963CRITICALCVSS 9.8EG 9.8⚠ KEV✓ Fixed in 3.1.7
2022-04-01
vulnerable: 1.0.0.RELEASE ... 3.1.6 (30 versions)
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution …
CVE-2024-22271HIGHCVSS 8.2EG 8.2✓ Fixed in 4.1.2
2024-07-09
vulnerable: 4.1.0, 4.1.1
In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnera…

Check whether org.springframework.cloud:spring-cloud-function-context is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.springframework.cloud:spring-cloud-function-context CVEs against the assets you own.

Start Free Scan →