CVE-2022-22970 - Spring Framework DoS via Data Binding to MultipartFile or Servlet Part


This issue was brought up recently, but there is no mention anywhere of how to fix it in older Spring versions (< 5.x) other than upgrading to the latest Spring jar. Currently our web app is using 4.1.5.

The article merely states "Older, unsupported versions are also affected" but makes no mention of how to fix those. The Spring website doesn't mention a fix.

Upgrading to the latest Spring is not an option for now. If there are no other solutions to this problem, another approach will be to replace Spring MultipartFile with Apache Commons File Upload.

CVE 22970
