
CVE-2010-1622: Improper Control of Generation of Code ('Code Injection') in Spring Framework

CVSS Score: 6

Basic Information

EPSS Score: 0.81319%
Published: 5/17/2022
Updated: 3/14/2024
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Package Name               | Ecosystem | Vulnerable Versions | First Patched Version
---------------------------|-----------|---------------------|----------------------
org.springframework:spring | maven     | >= 2.5.0, <= 2.5.6  | 2.5.7
org.springframework:spring | maven     | >= 3.0.0, <= 3.0.2  | 3.0.3

Vulnerability Intelligence
Root Cause Analysis

The analysis is based on the changes observed in the patch for CVE-2010-1622. The modifications to the CachedIntrospectionResults class, particularly the addition of a check to ignore the 'classLoader' property and the introduction of a new method to handle PropertyDescriptor objects, indicate that these functions were involved in the vulnerability.


WAF Protection Rules

WAF Rule

SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing `class.classLoader.URLs[0]=jar:` followed by a URL of a crafted .jar file.
