{"schema_version":"1.7.2","id":"OESA-2025-1557","modified":"2025-05-23T14:00:36Z","published":"2025-05-23T14:00:36Z","upstream":["CVE-2022-22950"],"summary":"springframework security update","details":"Spring is based on code published in Expert One-on-One J2EE Design and Development by Rod Johnson (Wrox, 2002). It is a layered Java/J2EE application framework.\r\n\r\nSecurity Fix(es):\n\nIn Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition. (CVE-2022-22950)","affected":[{"package":{"ecosystem":"openEuler:22.03-LTS-SP3","name":"springframework","purl":"pkg:rpm/openEuler/springframework\u0026distro=openEuler-22.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.2.18-14.oe2203sp3"}]}],"ecosystem_specific":{"noarch":["springframework-3.2.18-14.oe2203sp3.noarch.rpm","springframework-aop-3.2.18-14.oe2203sp3.noarch.rpm","springframework-beans-3.2.18-14.oe2203sp3.noarch.rpm","springframework-context-3.2.18-14.oe2203sp3.noarch.rpm","springframework-expression-3.2.18-14.oe2203sp3.noarch.rpm","springframework-help-3.2.18-14.oe2203sp3.noarch.rpm","springframework-instrument-3.2.18-14.oe2203sp3.noarch.rpm","springframework-jdbc-3.2.18-14.oe2203sp3.noarch.rpm","springframework-jms-3.2.18-14.oe2203sp3.noarch.rpm","springframework-orm-3.2.18-14.oe2203sp3.noarch.rpm","springframework-orm-hibernate4-3.2.18-14.oe2203sp3.noarch.rpm","springframework-oxm-3.2.18-14.oe2203sp3.noarch.rpm","springframework-tx-3.2.18-14.oe2203sp3.noarch.rpm","springframework-web-3.2.18-14.oe2203sp3.noarch.rpm"],"src":["springframework-3.2.18-14.oe2203sp3.src.rpm"]}},{"package":{"ecosystem":"openEuler:22.03-LTS-SP4","name":"springframework","purl":"pkg:rpm/openEuler/springframework\u0026distro=openEuler-22.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.2.18-14.oe2203sp4"}]}],"ecosystem_specific":{"noar
ch":["springframework-3.2.18-14.oe2203sp4.noarch.rpm","springframework-aop-3.2.18-14.oe2203sp4.noarch.rpm","springframework-beans-3.2.18-14.oe2203sp4.noarch.rpm","springframework-context-3.2.18-14.oe2203sp4.noarch.rpm","springframework-expression-3.2.18-14.oe2203sp4.noarch.rpm","springframework-help-3.2.18-14.oe2203sp4.noarch.rpm","springframework-instrument-3.2.18-14.oe2203sp4.noarch.rpm","springframework-jdbc-3.2.18-14.oe2203sp4.noarch.rpm","springframework-jms-3.2.18-14.oe2203sp4.noarch.rpm","springframework-orm-3.2.18-14.oe2203sp4.noarch.rpm","springframework-orm-hibernate4-3.2.18-14.oe2203sp4.noarch.rpm","springframework-oxm-3.2.18-14.oe2203sp4.noarch.rpm","springframework-tx-3.2.18-14.oe2203sp4.noarch.rpm","springframework-web-3.2.18-14.oe2203sp4.noarch.rpm"],"src":["springframework-3.2.18-14.oe2203sp4.src.rpm"]}},{"package":{"ecosystem":"openEuler:24.03-LTS","name":"springframework","purl":"pkg:rpm/openEuler/springframework\u0026distro=openEuler-24.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.2.18-15.oe2403sp1"}]}],"ecosystem_specific":{"noarch":["springframework-3.2.18-15.oe2403.noarch.rpm","springframework-aop-3.2.18-15.oe2403.noarch.rpm","springframework-beans-3.2.18-15.oe2403.noarch.rpm","springframework-context-3.2.18-15.oe2403.noarch.rpm","springframework-expression-3.2.18-15.oe2403.noarch.rpm","springframework-help-3.2.18-15.oe2403.noarch.rpm","springframework-instrument-3.2.18-15.oe2403.noarch.rpm","springframework-jdbc-3.2.18-15.oe2403.noarch.rpm","springframework-jms-3.2.18-15.oe2403.noarch.rpm","springframework-orm-3.2.18-15.oe2403.noarch.rpm","springframework-orm-hibernate4-3.2.18-15.oe2403.noarch.rpm","springframework-oxm-3.2.18-15.oe2403.noarch.rpm","springframework-tx-3.2.18-15.oe2403.noarch.rpm","springframework-web-3.2.18-15.oe2403.noarch.rpm","springframework-3.2.18-15.oe2403sp1.noarch.rpm","springframework-aop-3.2.18-15.oe2403sp1.noarch.rpm","springframework-beans-3.2.18-15.oe2403sp1.noarch.rpm","springfra
mework-context-3.2.18-15.oe2403sp1.noarch.rpm","springframework-expression-3.2.18-15.oe2403sp1.noarch.rpm","springframework-help-3.2.18-15.oe2403sp1.noarch.rpm","springframework-instrument-3.2.18-15.oe2403sp1.noarch.rpm","springframework-jdbc-3.2.18-15.oe2403sp1.noarch.rpm","springframework-jms-3.2.18-15.oe2403sp1.noarch.rpm","springframework-orm-3.2.18-15.oe2403sp1.noarch.rpm","springframework-orm-hibernate4-3.2.18-15.oe2403sp1.noarch.rpm","springframework-oxm-3.2.18-15.oe2403sp1.noarch.rpm","springframework-tx-3.2.18-15.oe2403sp1.noarch.rpm","springframework-web-3.2.18-15.oe2403sp1.noarch.rpm"],"src":["springframework-3.2.18-15.oe2403.src.rpm","springframework-3.2.18-15.oe2403sp1.src.rpm"]}},{"package":{"ecosystem":"openEuler:24.03-LTS-SP1","name":"springframework","purl":"pkg:rpm/openEuler/springframework\u0026distro=openEuler-24.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.2.18-15.oe2403sp1"}]}],"ecosystem_specific":{"noarch":["springframework-3.2.18-15.oe2403sp1.noarch.rpm","springframework-aop-3.2.18-15.oe2403sp1.noarch.rpm","springframework-beans-3.2.18-15.oe2403sp1.noarch.rpm","springframework-context-3.2.18-15.oe2403sp1.noarch.rpm","springframework-expression-3.2.18-15.oe2403sp1.noarch.rpm","springframework-help-3.2.18-15.oe2403sp1.noarch.rpm","springframework-instrument-3.2.18-15.oe2403sp1.noarch.rpm","springframework-jdbc-3.2.18-15.oe2403sp1.noarch.rpm","springframework-jms-3.2.18-15.oe2403sp1.noarch.rpm","springframework-orm-3.2.18-15.oe2403sp1.noarch.rpm","springframework-orm-hibernate4-3.2.18-15.oe2403sp1.noarch.rpm","springframework-oxm-3.2.18-15.oe2403sp1.noarch.rpm","springframework-tx-3.2.18-15.oe2403sp1.noarch.rpm","springframework-web-3.2.18-15.oe2403sp1.noarch.rpm"],"src":["springframework-3.2.18-15.oe2403sp1.src.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP4","name":"springframework","purl":"pkg:rpm/openEuler/springframework\u0026distro=openEuler-20.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","eve
nts":[{"introduced":"0"},{"fixed":"3.2.18-13.oe2003sp4"}]}],"ecosystem_specific":{"noarch":["springframework-3.2.18-13.oe2003sp4.noarch.rpm","springframework-aop-3.2.18-13.oe2003sp4.noarch.rpm","springframework-beans-3.2.18-13.oe2003sp4.noarch.rpm","springframework-context-3.2.18-13.oe2003sp4.noarch.rpm","springframework-expression-3.2.18-13.oe2003sp4.noarch.rpm","springframework-help-3.2.18-13.oe2003sp4.noarch.rpm","springframework-instrument-3.2.18-13.oe2003sp4.noarch.rpm","springframework-jdbc-3.2.18-13.oe2003sp4.noarch.rpm","springframework-jms-3.2.18-13.oe2003sp4.noarch.rpm","springframework-orm-3.2.18-13.oe2003sp4.noarch.rpm","springframework-orm-hibernate4-3.2.18-13.oe2003sp4.noarch.rpm","springframework-oxm-3.2.18-13.oe2003sp4.noarch.rpm","springframework-tx-3.2.18-13.oe2003sp4.noarch.rpm","springframework-web-3.2.18-13.oe2003sp4.noarch.rpm"],"src":["springframework-3.2.18-13.oe2003sp4.src.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1557"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22950"}],"database_specific":{"severity":"Medium"}}