org.springframework.cloud:spring-cloud-function-context@2.1.1.RELEASE

  • latest version

    5.0.1

  • first published

    7 years ago

  • latest version published

    3 months ago

  • licenses detected

  • package registry

  • Direct Vulnerabilities

    Known vulnerabilities in the org.springframework.cloud:spring-cloud-function-context package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • H
    Allocation of Resources Without Limits or Throttling

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the SimpleFunctionRegistry composition. An attacker can exhaust memory or trigger unbounded recursive function composition by supplying crafted function definitions that repeatedly compose the same functions through the catalog lookup path. This can grow the registry’s internal wrapper state without limit and drive the application into excessive memory use, degraded performance, or a crash.

    Note: Fixes for earlier branches, including 4.2.x and 3.2.x, are available under enterprise support.

    How to fix Allocation of Resources Without Limits or Throttling?

    Upgrade org.springframework.cloud:spring-cloud-function-context to version 4.3.3, 5.0.2 or higher.

    [,4.3.3) [5.0.0-M1,5.0.2)
    • H
    Allocation of Resources Without Limits or Throttling

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the SimpleFunctionRegistry composition and function wrapper cache in SimpleFunctionRegistry.java. An attacker can exhaust memory by supplying many distinct composed function lookups.

    Note: Fixes for earlier branches, including 4.2.x and 3.2.x, are available under enterprise support.

    How to fix Allocation of Resources Without Limits or Throttling?

    Upgrade org.springframework.cloud:spring-cloud-function-context to version 4.3.3, 5.0.2 or higher.

    [,4.3.3) [5.0.0-M1,5.0.2)
    • H
    Denial of Service (DoS)

    Affected versions of this package are vulnerable to Denial of Service (DoS) when attempting to compose functions with non-existing functions. An attacker could trigger a cache overflow by exploiting this vulnerability.

    How to fix Denial of Service (DoS)?

    Upgrade org.springframework.cloud:spring-cloud-function-context to version 4.1.2 or higher.

    [,4.1.2)
    • M
    Denial of Service (DoS)

    Affected versions of this package are vulnerable to Denial of Service (DoS) due to the caching issue in the Function Catalog component of the framework. Exploiting this vulnerability is possible for an attacker who directly interacts with framework-provided lookup functionality.

    How to fix Denial of Service (DoS)?

    Upgrade org.springframework.cloud:spring-cloud-function-context to version 3.2.6 or higher.

    [,3.2.6)
    • C
    Remote Code Execution (RCE)

    Affected versions of this package are vulnerable to Remote Code Execution (RCE). An attacker is able to provide a crafted SpEL expression as a routing-expression that may result in access to local resources or even remote code execution.

    How to fix Remote Code Execution (RCE)?

    Upgrade org.springframework.cloud:spring-cloud-function-context to version 3.1.7, 3.2.3 or higher.

    [,3.1.7) [3.2.0,3.2.3)