CVE-2022-22970

EPSS 0.16% · P37 Updated Feb 25, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-22970

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

不加限制或调节的资源分配

Source: NVD (National Vulnerability Database)

Vulnerability Title

Spring Framework 输入验证错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Spring Framework是美国Spring团队的一套开源的Java、JavaEE应用程序框架。该框架可帮助开发人员构建高质量的应用。 Spring Framework 存在输入验证错误漏洞，攻击者利用该漏洞可通过将数据绑定到MultipartFile导致Spring Framework致命的错误，从而触发拒绝服务。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	Spring Framework	Spring Framework versions 5.3.x prior to 5.3.20, 5.2.x prior to 5.2.22 and all old and unsupported versions	-

II. Public POCs for CVE-2022-22970

#	POC Description	Source Link	Shenlong Link
1	None	https://github.com/Performant-Labs/CVE-2022-22970	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-22970

请登录查看更多情报信息。

https://security.netapp.com/advisory/ntap-20220616-0006/x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpujul2022.htmlx_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2022-22970

Same Patch Batch · n/a · 2022-05-12 · 94 CVEs total

CVE-2022-29999		Insurance Management System SQL注入漏洞
CVE-2022-29745		Money Transfer Management System SQL注入漏洞
CVE-2022-29307		Ionize 代码注入漏洞
CVE-2022-28919		DokuWiki 跨站脚本漏洞
CVE-2022-28920		Tieba-Cloud-Sign 跨站脚本漏洞
CVE-2021-33130		Intel RealSense ID Solution F450 安全漏洞
CVE-2022-21131		Intel Xeon Processors 安全漏洞
CVE-2022-21136		Intel Xeon Processors 输入验证错误漏洞
CVE-2022-29738		Money Transfer Management System SQL注入漏洞
CVE-2022-29998		Insurance Management System SQL注入漏洞
CVE-2022-29746		Money Transfer Management System SQL注入漏洞
CVE-2022-29303		Contec SolarView Compact 操作系统命令注入漏洞
CVE-2022-29302		Contec SolarView Compact 安全漏洞
CVE-2022-29298		Contec SolarView Compact 路径遍历漏洞
CVE-2022-30000		Insurance Management System SQL注入漏洞
CVE-2022-30001		Insurance Management System SQL注入漏洞
CVE-2022-30002		Insurance Management System SQL注入漏洞
CVE-2022-29985		Online Sports Complex Booking System SQL注入漏洞
CVE-2022-29986		Online Sports Complex Booking System SQL注入漏洞
CVE-2022-29987		Online Sports Complex Booking System SQL注入漏洞

Showing top 20 of 94 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Spring Framework

Same vendor: n/a

Same weakness: CWE-770

V. Comments for CVE-2022-22970

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2022-22970

I. Basic Information for CVE-2022-22970

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2022-22970

III. Intelligence Information for CVE-2022-22970

Same Patch Batch · n/a · 2022-05-12 · 94 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2022-22970

Leave a comment