View Issue Details

Related ChangesetsJump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0005248SymmetricDSBugpublic2022-03-31 17:392022-04-11 19:27
Reporterpmarzullo Assigned Topmarzullo  
Prioritynormal 
Status closedResolutionfixed 
Product Version3.10.13 
Target Version3.12.16Fixed in Version3.12.16 
Summary0005248: CVE-2022-22965: Spring Version needs to use 5.2.20.RELEASE or 5.3.18 in order to not be vulnerable to this security issue
DescriptionCVE-2022-22965
These are the requirements for the specific scenario from the report:

JDK 9 or higher
Apache Tomcat as the Servlet container
Packaged as a traditional WAR (in contrast to a Spring Boot executable jar)
spring-webmvc or spring-webflux dependency
Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions
Tagssecurity

Relationships

related to 0005263 closedpmarzullo CVE-2022-22965: Spring Version needs to use 5.2.20.RELEASE or 5.3.18 in order to not be vulnerable to this security issue 

Activities

pmarzullo

2022-03-31 20:56

developer   ~0002066

Also pulled into 3.10, 3.11, 3.13, and 3.14

Related Changesets

SymmetricDS: 3.11 4f95f4c7

2022-03-31 19:44:59

pmarzullo

Details Diff 		0005248: CVE-2022-22965: Spring Version needs to use 5.2.20.RELEASE in
order to not be vulnerable to this security issue		 Affected Issues
0005248
mod - symmetric-assemble/common.gradle Diff File

SymmetricDS: 3.12 def82d11

2022-03-31 20:20:52

pmarzullo

Details Diff 		0005248: CVE-2022-22965: Spring Version needs to use 5.2.20.RELEASE in
order to not be vulnerable to this security issue		 Affected Issues
0005248
mod - symmetric-assemble/common.gradle Diff File

SymmetricDS: 3.13 84966c8d

2022-03-31 20:52:57

pmarzullo

Details Diff 		0005248: CVE-2022-22965: Spring Version needs to use 5.2.20.RELEASE or
5.3.18 in order to not be vulnerable to this security issue		 Affected Issues
0005248
mod - symmetric-assemble/common.gradle Diff File

SymmetricDS: 3.14 6a49cd6d

2022-03-31 20:55:46

pmarzullo

Details Diff 		0005248: CVE-2022-22965: Spring Version needs to use 5.2.20.RELEASE or
5.3.18 in order to not be vulnerable to this security issue		 Affected Issues
0005248
mod - symmetric-assemble/common.gradle Diff File

Issue History

Date Modified Username Field Change
2022-03-31 17:39 pmarzullo New Issue
2022-03-31 17:39 pmarzullo Status new => assigned
2022-03-31 17:39 pmarzullo Assigned To => pmarzullo
2022-03-31 17:39 pmarzullo Tag Attached: security
2022-03-31 20:00 pmarzullo Changeset attached => SymmetricDS 3.11 4f95f4c7
2022-03-31 20:21 pmarzullo Summary CVE-2022-22965: Spring Version needs to use 5.2.20.RELEASE in order to not be vulnerable to this security issue => CVE-2022-22965: Spring Version needs to use 5.2.20.RELEASE or 5.3.18 in order to not be vulnerable to this security issue
2022-03-31 20:56 pmarzullo Status assigned => resolved
2022-03-31 20:56 pmarzullo Resolution open => fixed
2022-03-31 20:56 pmarzullo Fixed in Version => 3.12.16
2022-03-31 20:56 pmarzullo Note Added: 0002066
2022-03-31 21:00 pmarzullo Changeset attached => SymmetricDS 3.12 def82d11
2022-03-31 21:00 pmarzullo Changeset attached => SymmetricDS 3.13 84966c8d
2022-03-31 21:00 pmarzullo Changeset attached => SymmetricDS 3.14 6a49cd6d
2022-04-08 17:42 elong Issue cloned: 0005263
2022-04-08 17:42 elong Relationship added related to 0005263
2022-04-11 19:27 admin Status resolved => closed