org.springframework.cloud:spring-cloud-function-context 3.0.9.RELEASE vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.springframework.cloud:spring-cloud-function-context package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Denial of Service (DoS) Affected versions of this package are vulnerable to Denial of Service (DoS) when attempting to compose functions with non-existing functions. An attacker could trigger a cache overflow by exploiting this vulnerability. How to fix Denial of Service (DoS)? Upgrade `org.springframework.cloud:spring-cloud-function-context` to version 4.1.2 or higher.	[,4.1.2)
M Denial of Service (DoS) Affected versions of this package are vulnerable to Denial of Service (DoS) due to the caching issue in the `Function Catalog` component of the framework. Exploiting this vulnerability is possible for an attacker who directly interacts with framework-provided `lookup` functionality. How to fix Denial of Service (DoS)? Upgrade `org.springframework.cloud:spring-cloud-function-context` to version 3.2.6 or higher.	[,3.2.6)
C Remote Code Execution (RCE) Affected versions of this package are vulnerable to Remote Code Execution (RCE). An attacker is able to provide a crafted `SpEL` as a routing-expression that may result in access to local resources or even remote code execution. How to fix Remote Code Execution (RCE)? Upgrade `org.springframework.cloud:spring-cloud-function-context` to version 3.1.7, 3.2.3 or higher.	[,3.1.7)[3.2.0,3.2.3)

Vulnerability

Vulnerable Version

Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) when attempting to compose functions with non-existing functions. An attacker could trigger a cache overflow by exploiting this vulnerability.

How to fix Denial of Service (DoS)?

Upgrade org.springframework.cloud:spring-cloud-function-context to version 4.1.2 or higher.

[,4.1.2)

Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) due to the caching issue in the Function Catalog component of the framework. Exploiting this vulnerability is possible for an attacker who directly interacts with framework-provided lookup functionality.

How to fix Denial of Service (DoS)?

Upgrade org.springframework.cloud:spring-cloud-function-context to version 3.2.6 or higher.

[,3.2.6)

Remote Code Execution (RCE)

Affected versions of this package are vulnerable to Remote Code Execution (RCE). An attacker is able to provide a crafted SpEL as a routing-expression that may result in access to local resources or even remote code execution.

How to fix Remote Code Execution (RCE)?

Upgrade org.springframework.cloud:spring-cloud-function-context to version 3.1.7, 3.2.3 or higher.

[,3.1.7)[3.2.0,3.2.3)

org.springframework.cloud:spring-cloud-function-context@3.0.9.RELEASE vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

Fix vulnerabilities automatically