CVE-2022-22979: 
Java vulnerability analysis and mitigation

Spring Cloud Function versions prior to 3.2.6 contain a denial-of-service vulnerability (CVE-2022-22979) that was disclosed on June 15, 2022. The vulnerability affects the Function Catalog component of the framework and is specifically exploitable through the spring-cloud-function-web module. This security issue allows users who directly interact with framework-provided lookup functionality to cause a denial-of-service condition (Spring Advisory, NVD).

The vulnerability has been assigned a CVSS 3.1 Base Score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The issue stems from a caching problem in the Function Catalog component, specifically affecting the framework's lookup functionality. The vulnerability is classified under CWE-770 (Allocation of Resources Without Limits or Throttling) (NVD).

When successfully exploited, this vulnerability can result in a denial-of-service condition affecting the Spring Cloud Function service. The impact is limited to availability, with no direct effects on confidentiality or integrity of the system (Spring Advisory).

The recommended mitigation is to upgrade to Spring Cloud Function version 3.2.6 or later, which contains the fix for this vulnerability. No additional mitigation steps are necessary beyond the version upgrade (Spring Advisory).