(OO) Support Tip: Does CVE-2022-22963 affect OO?

CVE-2022-22950: In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.

Does this vulnerability affect Spring Framework used in OO?

CVE-2022-22963 does not affect OO because OO doesn't take user input as a SpEL expression and pass it directly to Spring Framework.

Please be advised that Spring Framework is upgraded to 5.3.18 in OO 2022.05.
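
To confirm which Spring Framework version an installation actually ships, the following added example (not vendor or OO code) inventories `spring-core` and `spring-expression` jars under a directory and places each version relative to the ranges quoted in this tip. The directory argument, the Maven-style jar file names and the status labels are assumptions; a version inside the range is not by itself exposure, since that also depends on whether user input reaches SpEL.

```python
import re
import sys
from pathlib import Path

# Version bounds quoted in the tip above.
AFFECTED_MIN = (5, 3, 0)
AFFECTED_MAX = (5, 3, 16)
OO_2022_05 = (5, 3, 18)

# Assumed Maven-style names, e.g. spring-expression-5.3.16.jar or
# spring-core-4.3.30.RELEASE.jar (a trailing qualifier is ignored).
JAR_RE = re.compile(
    r"^(spring-(?:core|expression))-(\d+)\.(\d+)\.(\d+)(?:[.-][\w.]+)?\.jar$")

def classify(version):
    """Place a (major, minor, patch) tuple relative to the ranges in the tip."""
    if version < AFFECTED_MIN:
        return "older"                 # "older unsupported versions" in the CVE text
    if version <= AFFECTED_MAX:
        return "in-range"              # 5.3.0 - 5.3.16
    if version >= OO_2022_05:
        return "oo-2022.05-or-later"   # 5.3.18 and up
    return "above-range"               # past 5.3.16 but below 5.3.18

def scan(root):
    """Return sorted (relative path, version, status) for each Spring jar under root."""
    findings = []
    for jar in Path(root).rglob("*.jar"):
        m = JAR_RE.match(jar.name)
        if not m:
            continue
        version = tuple(int(x) for x in m.group(2, 3, 4))
        findings.append((jar.relative_to(root).as_posix(),
                         ".".join(map(str, version)),
                         classify(version)))
    return sorted(findings)

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    results = scan(root)
    for path, version, status in results:
        print(f"{status:20} {version:8} {path}")
    # Non-zero exit if any jar is in or below the quoted range.
    sys.exit(1 if any(s in ("older", "in-range") for _, _, s in results) else 0)
```

Run it with the installation directory as the only argument; it exits non-zero when any jar is in or below the quoted range.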
