Synchrony Proxy: spring-beans 5.3.19 is vulnerable to CVE-2022-22970

XMLWordPrintable

    • 4
    • Severity 3 - Minor
    • 24

      Issue Summary

      spring-beans is vulnerable to CVE-2022-22970

      This is reproducible on Data Center: (yes)

      Steps to Reproduce

      1. Install Confluence 7.13.9
      2. Step 2

      Expected Results

      Expect that synchrony-proxy/WEB-INF/lib contains spring-beans-5.3.20.jar or higher

      Actual Results

      spring-beans-5.3.19.jar is present

      Workaround

      Currently there is no known workaround for this behavior. A workaround will be added here when available

            Assignee:
            Relangi Satish (Inactive)
            Reporter:
            Richard Atkins
            Votes:
            4 Vote for this issue
            Watchers:
            16 Start watching this issue

              Created:
              Updated:
              Resolved: