org.springframework.cloud:spring-cloud-function-context@3.0.2.RELEASE vulnerabilities

  • latest version

    4.2.0

  • latest non vulnerable version

  • first published

    6 years ago

  • latest version published

    25 days ago

  • licenses detected

  • package manager

  • Direct Vulnerabilities

    Known vulnerabilities in the org.springframework.cloud:spring-cloud-function-context package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Denial of Service (DoS)

    Affected versions of this package are vulnerable to Denial of Service (DoS) when attempting to compose functions with non-existing functions. An attacker could trigger a cache overflow by exploiting this vulnerability.

    How to fix Denial of Service (DoS)?

    Upgrade org.springframework.cloud:spring-cloud-function-context to version 4.1.2 or higher.

    [,4.1.2)
    • M
    Denial of Service (DoS)

    Affected versions of this package are vulnerable to Denial of Service (DoS) due to the caching issue in the Function Catalog component of the framework. Exploiting this vulnerability is possible for an attacker who directly interacts with framework-provided lookup functionality.

    How to fix Denial of Service (DoS)?

    Upgrade org.springframework.cloud:spring-cloud-function-context to version 3.2.6 or higher.

    [,3.2.6)
    • C
    Remote Code Execution

    Affected versions of this package are vulnerable to Remote Code Execution. An attacker is able to provide a crafted SpEL as a routing-expression that may result in access to local resources or even remote code execution.

    How to fix Remote Code Execution?

    Upgrade org.springframework.cloud:spring-cloud-function-context to version 3.1.7, 3.2.3 or higher.

    [,3.1.7)[3.2.0,3.2.3)