org.springframework.cloud:spring-cloud-function-context@3.0.4.RELEASE vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.springframework.cloud:spring-cloud-function-context package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • H (High severity)
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) when attempting to compose functions with non-existing functions. An attacker could trigger a cache overflow by exploiting this vulnerability.

How to fix Denial of Service (DoS)?

Upgrade org.springframework.cloud:spring-cloud-function-context to version 4.1.2 or higher.

Vulnerable versions: [,4.1.2)
  • M (Medium severity)
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) due to a caching issue in the Function Catalog component of the framework. An attacker who directly interacts with the framework-provided lookup functionality can exploit this vulnerability.

How to fix Denial of Service (DoS)?

Upgrade org.springframework.cloud:spring-cloud-function-context to version 3.2.6 or higher.

Vulnerable versions: [,3.2.6)
  • C (Critical severity)
Remote Code Execution

Affected versions of this package are vulnerable to Remote Code Execution. An attacker is able to provide a crafted SpEL expression as a routing-expression, which may result in access to local resources or even remote code execution.

How to fix Remote Code Execution?

Upgrade org.springframework.cloud:spring-cloud-function-context to version 3.1.7, 3.2.3 or higher.

Vulnerable versions: [,3.1.7) [3.2.0,3.2.3)