Security Advisory

CVE-2022-22968

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-04-14 20:05:50

Last updated 2024-08-03 03:28:42

Assigner vmware

State PUBLISHED

Description

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.

← Browse all CVEs View on cve.org ↗