In VMware Spring Cloud Function versions 3.2.5 and older unsupported versions, a user who directly interacts with the framework-provided lookup functionality can cause a denial-of-service condition due to a caching issue in the Function Catalog component of the framework. At the time of writing of this CVE, such interaction is only possible via the spring-cloud-function-web module.
Successful exploitation of these vulnerabilities may result in a denial-of-service condition. The affected versions are Spring Cloud Function 3.2.5 and older; unsupported versions are also affected.
Applying the security update from the link below will remediate the above-mentioned vulnerabilities.
Mitigation for VMware Spring Cloud Function
Users of affected versions should upgrade to 3.2.6. Releases that have fixed this issue include:
- Spring Cloud Function
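
One way to check a Maven build against the affected range, as an added example that is not part of the advisory or of the Spring project's own code. It assumes the `mvn dependency:tree` output format and the group ID `org.springframework.cloud`; the sample trees are constructed.

```python
import re

FIXED = (3, 2, 6)  # first fixed release named in the advisory
WEB_MODULE = "spring-cloud-function-web"  # the only exposed entry point per the advisory

# Coordinates as printed by `mvn dependency:tree`:
#   group:artifact:packaging[:classifier]:version:scope
# The group ID org.springframework.cloud is an assumption not stated on the page.
COORD = re.compile(
    r"org\.springframework\.cloud:(spring-cloud-function-[\w-]+):"
    r"[\w-]+:(?:[\w-]+:)?(\d+(?:\.\d+)*)[^:\s]*:(\w+)"
)

def audit(tree_output):
    """Return (findings, exposed) for spring-cloud-function artifacts below FIXED."""
    findings = []
    for artifact, version, scope in COORD.findall(tree_output):
        # Compare numeric components only; qualifiers such as -SNAPSHOT are ignored.
        if tuple(int(p) for p in version.split(".")) < FIXED:
            findings.append((artifact, version, scope))
    # Triage heuristic: the web module must ship with the application (non-test scope).
    exposed = any(a == WEB_MODULE and s != "test" for a, _, s in findings)
    return findings, exposed

# Constructed sample output, not taken from a real project.
VULNERABLE_TREE = r"""
[INFO] com.example:demo:jar:0.0.1-SNAPSHOT
[INFO] +- org.springframework.cloud:spring-cloud-function-web:jar:3.2.5:compile
[INFO] |  \- org.springframework.cloud:spring-cloud-function-context:jar:3.2.5:compile
[INFO] \- org.springframework.boot:spring-boot-starter-web:jar:2.7.0:compile
"""
PATCHED_TREE = VULNERABLE_TREE.replace(":3.2.5:", ":3.2.6:")

if __name__ == "__main__":
    for name, tree in (("vulnerable", VULNERABLE_TREE), ("patched", PATCHED_TREE)):
        findings, exposed = audit(tree)
        print(name, "exposed via web module:", exposed)
        for artifact, version, scope in findings:
            print(f"  {artifact} {version} ({scope}) -> upgrade to 3.2.6")
```

A finding with `exposed` false still means an affected library is on the classpath and should be upgraded; the flag only indicates whether the web module named in the advisory is deployed with the application.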