Security Advisories

Documentation Cloud Services Solutions

CVE-2022-22950: Spring Expression DoS Vulnerability

  This advisory is archived

Archived security advisories updated before March 15, 2024 have been migrated from our previous documentation site in their original format. For this reason, they may not conform to the updated look and feel of advisories published after March 15, 2024.

  • Advisory ID: CVE-2022-22950
  • Title: Spring Expression DoS Vulnerability
  • Additional Links:

In Spring Framework versions 5.3.0 through 5.3.16, 5.2.0 through 5.2.19, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.

Impacted Products

This vulnerability does not affect Commvault products.