Overview
About vulnerability
An attacker can craft a large number of unique requests that trigger a failure, exhausting the capacity of the application-wide stateful retry cache. Once the cache is full, it permanently rejects any further updates, causing all later stateful retries and circuit breakers in the application to fail.
Affected versions: Spring Retry 2.0.0 through 2.0.12; 1.3.0 through 1.3.4.
Details
- Affected product:
  - Spring
- Affected packages:
  - Spring Retry @ 1.3.4 and the other affected versions (see the version ranges above)