org.springframework.cloud:spring-cloud-function-context@3.0.0.RELEASE vulnerabilities

  • latest version

    4.2.0

  • latest non vulnerable version

  • first published

    6 years ago

  • latest version published

    25 days ago

  • licenses detected

  • package manager

  • Direct Vulnerabilities

    Known vulnerabilities in the org.springframework.cloud:spring-cloud-function-context package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • H
    Denial of Service (DoS)

    Affected versions of this package are vulnerable to Denial of Service (DoS) when attempting to compose functions with non-existing functions. An attacker could trigger a cache overflow by exploiting this vulnerability.

    How to fix Denial of Service (DoS)?

    Upgrade org.springframework.cloud:spring-cloud-function-context to version 4.1.2 or higher.

    [,4.1.2)
    • M
    Denial of Service (DoS)

    Affected versions of this package are vulnerable to Denial of Service (DoS) due to a caching issue in the Function Catalog component of the framework. An attacker who interacts directly with the framework-provided lookup functionality can exploit this vulnerability.

    How to fix Denial of Service (DoS)?

    Upgrade org.springframework.cloud:spring-cloud-function-context to version 3.2.6 or higher.

    [,3.2.6)
    • C
    Remote Code Execution

    Affected versions of this package are vulnerable to Remote Code Execution. An attacker can provide a crafted SpEL expression as a routing-expression, which may result in access to local resources or even remote code execution.

    How to fix Remote Code Execution?

    Upgrade org.springframework.cloud:spring-cloud-function-context to version 3.1.7, 3.2.3 or higher.

    [,3.1.7) [3.2.0,3.2.3)