CVE-2022-22971

Allocation of Resources Without Limits or Throttling in maven/org.springframework/spring-messaging

Identifiers

GHSA-rqph-vqwm-22vc, CVE-2022-22971

Package Slug

maven/org.springframework/spring-messaging

Vulnerability

Allocation of Resources Without Limits or Throttling

Description

In Spring Framework versions prior to 5.3.20 and 5.2.22, and in older unsupported versions, an application with a STOMP over WebSocket endpoint is vulnerable to a denial-of-service attack by an authenticated user.

Affected Versions

All versions up to 5.2.21.RELEASE, and all versions starting from 5.3.0 before 5.3.20

Solution

Upgrade to versions 5.2.22.RELEASE, 5.3.20 or above.

Last Modified

2024-02-05
