CVE-2021-22060 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-22060 PUBLISHED

In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.

EPSS 0.16% · 37.2th percentile

Risk Scores

EPSS Score

0.16%

37.2th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:Pro:24.04:LTS	libspring-java	0, 4.3.30-2ubuntu0.24.04.1~esm1, 4.3.30-2
Ubuntu:Pro:16.04:LTS	libspring-java	3.2.13-5, 0, 3.2.13-4
Ubuntu:Pro:22.04:LTS	libspring-java	4.3.30-1, 0, 4.3.30-1ubuntu0.1~esm1
Ubuntu:25.10	libspring-java	4.3.30-2ubuntu1, 0, 4.3.30-3ubuntu1
Ubuntu:Pro:20.04:LTS	libspring-java	0, 4.3.22-4ubuntu0.1~esm1, 4.3.22-4
Ubuntu:Pro:18.04:LTS	libspring-java	4.3.12-1, 0, 4.3.11-1
Ubuntu:Pro:14.04:LTS	libspring-java	0, 3.0.6.RELEASE-13ubuntu0.1~esm2, 3.0.6.RELEASE-13ubuntu0.1~esm1

Timeline

Jan 5, 2022 CVE Published
Jan 8, 2022 EPSS Score
Jan 18, 2022 CVE Updated
Mar 2, 2022 EPSS Score
Apr 24, 2022 EPSS Score
Jun 16, 2022 EPSS Score
Aug 9, 2022 EPSS Score
Oct 1, 2022 EPSS Score
Nov 23, 2022 EPSS Score
Jan 15, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 8, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2021-22060 third-party-advisory
https://tanzu.vmware.com/security/cve-2021-22060 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2021-22060 third-party-advisory
Multiples vulnérabilités dans Spring Framework advisory

Open in Interactive Console →