Bug 2069414 (CVE-2022-22950) - CVE-2022-22950 spring-expression: Denial of service via specially crafted SpEL expression
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-22950
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2074093 2073177 2084027
Blocks: 2069417
Reported: 2022-03-28 20:56 UTC by Pedro Sampaio
Modified: 2022-09-23 12:59 UTC (History)

Fixed In Version: spring-expression 5.3.17
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Spring Framework. This flaw allows an attacker to craft a special Spring Expression, causing a denial of service.
Clone Of:
Environment:
Last Closed: 2022-08-31 18:25:54 UTC

Links (System | ID | Private | Priority | Status | Summary | Last Updated)
Red Hat Product Errata | RHSA-2022:5532 | 0 | None | None | None | 2022-07-07 14:22:57 UTC
Red Hat Product Errata | RHSA-2022:5555 | 0 | None | None | None | 2022-07-14 12:54:25 UTC
Red Hat Product Errata | RHSA-2022:5903 | 0 | None | None | None | 2022-08-04 04:48:20 UTC

Description Pedro Sampaio 2022-03-28 20:56:48 UTC
In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.

References:

https://tanzu.vmware.com/security/cve-2022-22950

Comment 3 juneau 2022-04-11 14:19:49 UTC
services-subscription-watch affected/delegated:

services-subscription-watch/rhsm/auto-registration-listener:7fe6e34/org.springframework:spring-expression-5.3.2 https://gitlab.cee.redhat.com/rhsm/automatic-registration/blob/master/pom.xml
services-subscription-watch/rhsm/rhsm-auto-registration-listener:7fe6e34/org.springframework:spring-expression-5.3.2 https://gitlab.cee.redhat.com/rhsm/automatic-registration/blob/production/pom.xml
services-subscription-watch/rhsm/marketplace-worker:28e1945/org.springframework:spring-expression-5.3.15 https://quay.io/cloudservices/rhsm-subscriptions:28e1945
services-subscription-watch/rhsm/swatch-system-conduit:latest/org.springframework:spring-expression-5.3.15 https://quay.io/cloudservices/swatch-system-conduit:latest

Comment 7 errata-xmlrpc 2022-07-07 14:22:53 UTC
This issue has been addressed in the following products:

  Red Hat Fuse 7.11

Via RHSA-2022:5532 https://access.redhat.com/errata/RHSA-2022:5532

Comment 8 errata-xmlrpc 2022-07-14 12:54:23 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization Engine 4.4

Via RHSA-2022:5555 https://access.redhat.com/errata/RHSA-2022:5555

Comment 10 errata-xmlrpc 2022-08-04 04:48:16 UTC
This issue has been addressed in the following products:

  RHPAM 7.13.0 async

Via RHSA-2022:5903 https://access.redhat.com/errata/RHSA-2022:5903

Comment 12 Product Security DevOps Team 2022-08-31 18:25:50 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-22950
