Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-79940

Synchrony Proxy: spring-beans 5.3.19 is vulnerable to CVE-2022-22970

    XMLWordPrintable

Details

    Description

      Issue Summary

      spring-beans is vulnerable to CVE-2022-22970

      This is reproducible on Data Center: (yes)

      Steps to Reproduce

      1. Install Confluence 7.13.9
      2. Step 2

      Expected Results

      Expect that synchrony-proxy/WEB-INF/lib contains spring-beans-5.3.20.jar or higher

      Actual Results

      spring-beans-5.3.19.jar is present

      Workaround

      Currently there is no known workaround for this behavior. A workaround will be added here when available

      Attachments

        Issue Links

          follows

          VULN-931241 Loading...

          links to

          Web Link Original (master branch) ticket on AsecJ > VULN

          mentioned in

          Page Loading...

          Page Loading...

          Activity

            People

              15ffccded09d Relangi Satish
              richatkins Richard Atkins
              Votes:
              4 Vote for this issue
              Watchers:
              16 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: