CVE-2022-22970

MEDIUM LAB

Spring Framework < 5.2.22 - Denial of Service via File Upload Data Binding

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-22970. PoCs published by Performant-Labs.

AI-analyzed exploit summary This repository provides a Spring Boot application demonstrating CVE-2022-22970, a vulnerability in Spring Framework's URI handling. The PoC includes a vulnerable endpoint that processes user-controlled URIs without proper sanitization, potentially leading to SSRF or other attacks.

Description

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.

Exploits (1)

nomisec WORKING POC

by Performant-Labs · poc

https://github.com/Performant-Labs/CVE-2022-22970

View Code ZIP pw:eip

This repository provides a Spring Boot application demonstrating CVE-2022-22970, a vulnerability in Spring Framework's URI handling. The PoC includes a vulnerable endpoint that processes user-controlled URIs without proper sanitization, potentially leading to SSRF or other attacks.

Classification

Working Poc 90%

Attack Type

Ssrf

Complexity

Trivial

Reliability

Reliable

Target: Spring Framework (versions affected by CVE-2022-22970)

No auth needed

Prerequisites: Spring Framework vulnerable to CVE-2022-22970 · Network access to the target application

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Mitigation, Vendor Advisory x_refsource_misc

https://tanzu.vmware.com/security/cve-2022-22970

Patch, Third Party Advisory x_refsource_misc

https://www.oracle.com/security-alerts/cpujul2022.html

Third Party Advisory x_refsource_confirm

https://security.netapp.com/advisory/ntap-20220616-0006/

Scores

CVSS v3 5.3

EPSS 0.0016

EPSS Percentile 37.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Lab Environment

COMMUNITY

Community Lab

docker pull mcr.microsoft.com/devcontainers/java:17-bullseye

https://github.com/Performant-Labs/CVE-2022-22970

View in Library

Details

CWE

CWE-770

Status published

Products (8)

netapp/active_iq_unified_manager (3 CPE variants)

netapp/brocade_san_navigator

netapp/cloud_secure_agent

netapp/oncommand_insight

oracle/financial_services_crime_and_compliance_management_studio 8.0.8.2.0

oracle/financial_services_crime_and_compliance_management_studio 8.0.8.3.0

org.springframework/spring-beans 0 - 5.2.22.RELEASEMaven

vmware/spring_framework < 5.2.21

Published May 12, 2022

Tracked Since Feb 18, 2026