How severe is CVE-2022-22968?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2022-22968?

This is classified as CWE-178, which is a common weakness in software security.

CVE-2022-22968

MEDIUM Year: 2022

CVSS v3 Score

5.3

Medium

CVSS v2 Score

5.0

Medium

Weakness Type

CWE-178

View all →

Vulnerability Description

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.

CVE-2018-8337

MEDIUM

CVSS:5.3(Medium)

A security feature bypass vulnerability exists when Windows Subsystem for Linux improperly handles case sensitivity, aka "Windows Subsystem for Linux Security Feature Bypass Vulnerability." This affec...

CWE-1782018

CVE-2024-38820

MEDIUM

CVSS:5.3(Medium)

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not...

CWE-1782024

CVE-2024-6866

MEDIUM

CVSS:5.3(Medium)

corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the `try_match` function, which is originally intended for matching h...

CWE-1782024

CVE-2017-8493

MEDIUM

CVSS:5.5(Medium)

Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to set variables that are either read-only or require...

CWE-1782017

CVE-2021-0973

MEDIUM

CVSS:5.0(Medium)

In isFileUri of UriUtil.java, there is a possible way to bypass ignoring file://URI attachment due to improper handling of case sensitivity. This could lead to local information disclosure with no add...

CWE-1782021

CVE-2025-27636

MEDIUM

CVSS:5.6(Medium)

Bypass/Injection vulnerability in Apache Camel components under particular conditions. This issue affects Apache Camel: from 4.10.0 through <= 4.10.1, from 4.8.0 through <= 4.8.4, from 3.10.0 through ...

CWE-1782025

CVE-2022-22968

Vulnerability Description

Related Vulnerabilities

CVE-2018-8337

CVE-2024-38820

CVE-2024-6866

CVE-2017-8493

CVE-2021-0973

CVE-2025-27636