CVE-2022-22968
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-22968
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Vmware Spring Framework 安全特征问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Vmware Spring Framework是美国威睿(Vmware)公司的一套开源的Java、JavaEE应用程序框架。该框架可帮助开发人员构建高质量的应用。 Vmware Spring Framework存在安全特征问题漏洞,该漏洞源于DataBinder上disallowedFields的模式是区分大小写的,这意味着字段没有得到有效保护,除非该字段的第一个字符同时以大写和小写字母列出,包括属性路径中所有嵌套字段的第一个字符的大写和小写字母。远程攻击者利用该漏洞可以绕过实施的安全限制。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | Spring Framework | Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions | - |
II. Public POCs for CVE-2022-22968
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | Testing CVE-2022-22968 | https://github.com/MarcinGadz/spring-rce-poc | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-22968
请登录查看更多情报信息。
- https://tanzu.vmware.com/security/cve-2022-22968x_refsource_MISC
- https://www.oracle.com/security-alerts/cpujul2022.htmlx_refsource_MISC
- https://security.netapp.com/advisory/ntap-20220602-0004/x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2022-22968
Same Patch Batch · n/a · 2022-04-14 · 30 CVEs total
| CVE-2022-27451 | MariaDB 安全漏洞 | |
| CVE-2021-43287 | ThoughtWorks GoCD 信息泄露漏洞 | |
| CVE-2022-26507 | AT&T Labs Xmill 缓冲区错误漏洞 | |
| CVE-2021-43633 | Messaging Web Application 跨站脚本漏洞 | |
| CVE-2021-43290 | ThoughtWorks GoCD 路径遍历漏洞 | |
| CVE-2021-43289 | ThoughtWorks GoCD 路径遍历漏洞 | |
| CVE-2021-43288 | ThoughtWorks GoCD 跨站脚本漏洞 | |
| CVE-2021-43286 | ThoughtWorks GoCD 命令注入漏洞 | |
| CVE-2022-27444 | MariaDB 安全漏洞 | |
| CVE-2022-27445 | MariaDB 安全漏洞 | |
| CVE-2022-27447 | MariaDB 资源管理错误漏洞 | |
| CVE-2022-27446 | MariaDB 安全漏洞 | |
| CVE-2022-27449 | MariaDB 安全漏洞 | |
| CVE-2022-27448 | MariaDB 安全漏洞 | |
| CVE-2022-27452 | MariaDB 安全漏洞 | |
| CVE-2022-22966 | VMware Cloud Director 输入验证错误漏洞 | |
| CVE-2022-27455 | MariaDB 资源管理错误漏洞 | |
| CVE-2022-27457 | MariaDB 资源管理错误漏洞 | |
| CVE-2022-27456 | MariaDB 资源管理错误漏洞 | |
| CVE-2021-45228 | COINS Construction Cloud 跨站脚本漏洞 |
Showing top 20 of 30 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Spring Framework
- CVE-2026-22745
CVE-2026-22745 : Denial of service in static resource handli - CVE-2026-22741
Static resource cache poisoning in Spring MVC and WebFlux - CVE-2026-22740
Spring Framework DoS with Multipart Temp Files in WebFlux - CVE-2026-22737
Spring Framework Improper Path Limitation with Script View T - CVE-2025-41254
Spring Framework STOMP CSRF Vulnerability
V. Comments for CVE-2022-22968
No comments yet