<p>Upgrade <code>org.springframework:spring-context</code> to version 5.2.21, 5.3.19 or higher.</p>

Improper Handling of Case Sensitivity Affecting org.springframework:spring-context package, versions [,5.2.21) [5.3.0, 5.3.19)

Threat Intelligence

Proof of concept

0.07% (32^nd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-JAVA-ORGSPRINGFRAMEWORK-2689634
published 14 Apr 2022
disclosed 14 Apr 2022
credit Unknown

Report a new vulnerability Found a mistake?

Introduced: 14 Apr 2022

CVE-2022-22968 Open this link in a new tab CWE-178 Open this link in a new tab

How to fix?

Upgrade org.springframework:spring-context to version 5.2.21, 5.3.19 or higher.

Overview

Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity via the patterns for disallowedFields on a DataBinder. As a result, a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including nested fields within the property path.

References

CVSS Scores

version 3.1

Attack Vector (AV)

Network
Attack Complexity (AC)

High
Privileges Required (PR)

None
User Interaction (UI)

None

Scope (S)

Unchanged

Confidentiality (C)

None
Integrity (I)

Low
Availability (A)

None

Improper Handling of Case Sensitivity Affecting org.springframework:spring-context package, versions [,5.2.21) [5.3.0, 5.3.19)

Severity

CVSS assessment made by Snyk's Security Team