You are viewing the documentation for Blueriq 13. Documentation for other versions is available in our documentation directory.

Identifier

Component

Issue

Solution

BQ-15778

Runtime, Customerdata, DCM Lists

CVE-2022-22968 is a follow up CVE from CVE-2022-22965. The issue is caused by the disallowedFields property in a DataBinder being case sensitive which means a field was not effectively protected unless patterns were registered with both upper and lower case for the first character of the field, including all combinations of upper and lower case for the first character of all nested fields within the property path.

Upgraded spring-framework to the version where this issue is fixed.

  • No labels

Didn't find the answer you were looking for? Try the advanced search