search cancel

CVE-2022-22950 Spring Framework Vulnerability

book

Article ID: 256593

calendar_today

Updated On:

Products

CA API Gateway

Issue/Introduction

Spring Framework versions 5.3.0 to 5.3.16 are impacted by this CVE-2022-22950 vulnerability.

Gateway 10.1 has the 5.3.5 Spring Framework version.

Environment

Release: 10.1

Resolution

The Gateway does not use the Spring Framework functionality and as a result, the Gateway is not impacted by this vulnerability.

Additional Information

This vulnerability is addressed in Spring Framework 5.3.17 version. The next major version release of Gateway should have the updated Spring Framework version.