{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-29T16:20:31.309","vulnerabilities":[{"cve":{"id":"CVE-2024-22271","sourceIdentifier":"security@vmware.com","published":"2024-07-09T13:15:09.887","lastModified":"2026-06-17T07:11:04.473","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions.\n\nSpecifically, an application is vulnerable when all of the following are true:\n\nUser is using Spring Cloud Function Web module\n\nAffected Spring Products and Versions Spring Cloud Function Framework 4.1.0 to 4.1.2 4.0.0 to 4.0.8\n\nReferences  https://spring.io/security/cve-2022-22979   https://checkmarx.com/blog/spring-function-cloud-dos-cve-2022-22979-and-unintended-function-invocation/  History 2020-01-16: Initial vulnerability report published."},{"lang":"es","value":"En el framework Spring Cloud Function, versiones 4.1.x anteriores a 4.1.2, 4.0.x anteriores a 4.0.8, una aplicación es vulnerable a un ataque de DOS cuando intenta componer funciones con funciones no existentes. Específicamente, una aplicación es vulnerable cuando se cumple todo lo siguiente: El usuario está utilizando el módulo web Spring Cloud Function Productos y versiones de Spring afectados Spring Cloud Function Framework 4.1.0 a 4.1.2 4.0.0 a 4.0.8 Referencias https:// spring.io/security/cve-2022-22979 https://checkmarx.com/blog/spring-function-cloud-dos-cve-2022-22979-and-unintended-function-invocation/ Historia 2020-01-16: Informe inicial de vulnerabilidad publicado."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring by VMware Tanzu","product":"Spring Cloud Function Framework","defaultStatus":"unaffected","versions":[{"version":"Spring Cloud Function Framework 4.1.0-4.1.2, Spring Cloud Function Framework 4.0.0-4.0.8","status":"affected"}]}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","affectedData":[{"vendor":"vmware","product":"spring_cloud_function","defaultStatus":"unaffected","cpes":["cpe:2.3:a:vmware:spring_cloud_function:4.0.0:*:*:*:*:*:*:*"],"versions":[{"version":"4.0.0","lessThan":"4.0.8","versionType":"custom","status":"affected"}]},{"vendor":"vmware","product":"spring_cloud_function","defaultStatus":"unaffected","cpes":["cpe:2.3:a:vmware:spring_cloud_function:4.1.0:*:*:*:*:*:*:*"],"versions":[{"version":"4.1.0","lessThan":"4.1.2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-07-11T20:06:48.215614Z","id":"CVE-2024-22271","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://spring.io/security/cve-2024-22271","source":"security@vmware.com"},{"url":"https://spring.io/security/cve-2024-22271","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}