Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 7.13.12, 7.19.3, 8.0.0
Affects Version/s: 7.13.9
Component/s: Security
Labels:

Support reference count:
4
Symptom Severity:
Severity 3 - Minor
UIS:
24
Bug Fix Policy:
View Atlassian Server bug fix policy

Issue Summary

spring-beans is vulnerable to CVE-2022-22970

This is reproducible on Data Center: (yes)

Steps to Reproduce

Install Confluence 7.13.9
Step 2

Expected Results

Expect that synchrony-proxy/WEB-INF/lib contains spring-beans-5.3.20.jar or higher

Actual Results

spring-beans-5.3.19.jar is present

Workaround

Currently there is no known workaround for this behavior. A workaround will be added here when available

follows: VULN-931241 Loading...

links to

Original (master branch) ticket on AsecJ > VULN

mentioned in: Page Loading...; Page Loading...

Assignee:: Relangi Satish (Inactive)

Reporter:: Richard Atkins

Votes:: 4 Vote for this issue

Watchers:: 16 Start watching this issue

Due:: 14/Dec/2022

Created:: 14/Sep/2022 6:31 AM

Updated:: 13/Jun/2023 9:12 AM

Resolved:: 05/Dec/2022 1:06 AM