{"vulnerability": "CVE-2022-22971", "sightings": [{"uuid": "7192da98-1411-4497-a351-63ff80501c1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-22971", "type": "seen", "source": "https://t.me/arpsyndicate/3124", "content": "#ExploitObserverAlert\n\nCVE-2022-22971\n\nDESCRIPTION: Exploit Observer has 6 entries in 4 file formats related to CVE-2022-22971. In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.\n\nFIRST-EPSS: 0.006290000\nNVD-IS: 3.6\nNVD-ES: 2.8", "creation_timestamp": "2024-01-28T00:01:04.000000Z"}, {"uuid": "37eb46fa-343d-4d5d-8025-0bc9a801f5dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-22971", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/1538", "content": "#exploit\n1. CVE-2022-39425:\nVulnerability in Oracle VM VirtualBox <6.1.40 (Core)\nhttps://github.com/bob11vrdp/CVE-2022-39425\n\n2. Analysis and exploitation of an uninitialized pointer vulnerability affecting certain TP-LINK routers\nhttps://github.com/b1ack0wl/vulnerability-write-ups/blob/master/TP-Link/WR940N/112022/Part1.md\n\n3. CVE-2022-22971:\nSpring Framework DoS with STOMP over WebSocket\nhttps://github.com/tchize/CVE-2022-22971", "creation_timestamp": "2022-11-28T14:39:34.000000Z"}, {"uuid": "72f90288-d27c-4615-948f-d3adf7878f76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-22971", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7259", "content": "#exploit\n1. CVE-2022-39425:\nVulnerability in Oracle VM VirtualBox <6.1.40 (Core)\nhttps://github.com/bob11vrdp/CVE-2022-39425\n\n2. Analysis and exploitation of an uninitialized pointer vulnerability affecting certain TP-LINK routers\nhttps://github.com/b1ack0wl/vulnerability-write-ups/blob/master/TP-Link/WR940N/112022/Part1.md\n\n3. CVE-2022-22971:\nSpring Framework DoS with STOMP over WebSocket\nhttps://github.com/tchize/CVE-2022-22971", "creation_timestamp": "2022-11-28T11:00:21.000000Z"}, {"uuid": "0828630c-d5c6-41a5-bc07-7e0ad9fa5014", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-22971", "type": "seen", "source": "https://t.me/cibsecurity/42556", "content": "\u203c CVE-2022-22971 \u203c\n\nIn spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-13T00:42:17.000000Z"}]}