Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-n8kg-ajw8-5yd2
Summary
Allocation of Resources Without Limits or Throttling
In spring framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, applications that handle file uploads is vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
Aliases
0
alias CVE-2022-22970
1
alias GHSA-hh26-6xwr-ggv7
Fixed_packages
0
url pkg:maven/org.springframework/spring-beans@5.2.22.RELEASE
purl pkg:maven/org.springframework/spring-beans@5.2.22.RELEASE
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-beans@5.2.22.RELEASE
1
url pkg:maven/org.springframework/spring-beans@5.3.20
purl pkg:maven/org.springframework/spring-beans@5.3.20
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-beans@5.3.20
2
url pkg:maven/org.springframework/spring-core@5.2.22.RELEASE
purl pkg:maven/org.springframework/spring-core@5.2.22.RELEASE
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.2.22.RELEASE
3
url pkg:maven/org.springframework/spring-core@5.3.20
purl pkg:maven/org.springframework/spring-core@5.3.20
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.3.20
Affected_packages
0
url pkg:maven/org.springframework/spring-beans@5.2.21.RELEASE
purl pkg:maven/org.springframework/spring-beans@5.2.21.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-n8kg-ajw8-5yd2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-beans@5.2.21.RELEASE
1
url pkg:maven/org.springframework/spring-beans@5.3.0
purl pkg:maven/org.springframework/spring-beans@5.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-n8kg-ajw8-5yd2
1
vulnerability VCID-vr7m-chzs-abfu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-beans@5.3.0
2
url pkg:maven/org.springframework/spring-core@5.2.21.RELEASE
purl pkg:maven/org.springframework/spring-core@5.2.21.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-n8kg-ajw8-5yd2
1
vulnerability VCID-uvga-6hdm-3kda
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.2.21.RELEASE
3
url pkg:maven/org.springframework/spring-core@5.3.0
purl pkg:maven/org.springframework/spring-core@5.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6ach-4jet-a3cb
1
vulnerability VCID-amxf-c3z4-gbhk
2
vulnerability VCID-cfmp-m8jn-uqg4
3
vulnerability VCID-ehpw-txyw-auh6
4
vulnerability VCID-n8kg-ajw8-5yd2
5
vulnerability VCID-uvga-6hdm-3kda
6
vulnerability VCID-vr7m-chzs-abfu
7
vulnerability VCID-yqhz-ueqh-kfc4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.3.0
References
0
reference_url https://github.com/spring-projects/spring-framework/commit/83186b689f11f5e6efe7ccc08fdeb92f66fcd583
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-framework/commit/83186b689f11f5e6efe7ccc08fdeb92f66fcd583
1
reference_url https://security.netapp.com/advisory/ntap-20220616-0006/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220616-0006/
2
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpujul2022.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22970
reference_id CVE-2022-22970
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-22970
4
reference_url https://tanzu.vmware.com/security/cve-2022-22970
reference_id CVE-2022-22970
reference_type
scores
url https://tanzu.vmware.com/security/cve-2022-22970
5
reference_url https://github.com/advisories/GHSA-hh26-6xwr-ggv7
reference_id GHSA-hh26-6xwr-ggv7
reference_type
scores
url https://github.com/advisories/GHSA-hh26-6xwr-ggv7
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 770
name Allocation of Resources Without Limits or Throttling
description The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_scorenull
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-n8kg-ajw8-5yd2