Search criteria
3 vulnerabilities found for Cloud Function Framework by Spring
CERTFR-2026-AVI-0554
Vulnerability from certfr_avis - Published: 2026-05-11 - Updated: 2026-05-11
De multiples vulnérabilités ont été découvertes dans les produits Spring. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Spring | Spring AI | Spring versions 1.0.x antérieures à 1.0.7 | ||
| Spring | Cloud Function Framework | Cloud Function versions 4.3.x antérieures à 4.3.3 | ||
| Spring | Cloud Function Framework | Cloud Function versions 4.2.x antérieures à 4.2.6 | ||
| Spring | Cloud Function Framework | Cloud Function versions 4.1.x antérieures à 4.1.10 | ||
| Spring | Cloud Function Framework | Cloud Function versions 3.2.x antérieures à 3.2.16 | ||
| Spring | Cloud Function Framework | Cloud Function versions 5.0.x antérieures à 5.0.2 | ||
| Spring | Spring AI | Spring versions 1.1.x antérieures à 1.1.6 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Spring versions 1.0.x ant\u00e9rieures \u00e0 1.0.7",
"product": {
"name": "Spring AI",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Cloud Function versions 4.3.x ant\u00e9rieures \u00e0 4.3.3",
"product": {
"name": "Cloud Function Framework",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Cloud Function versions 4.2.x ant\u00e9rieures \u00e0 4.2.6",
"product": {
"name": "Cloud Function Framework",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Cloud Function versions 4.1.x ant\u00e9rieures \u00e0 4.1.10",
"product": {
"name": "Cloud Function Framework",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Cloud Function versions 3.2.x ant\u00e9rieures \u00e0 3.2.16",
"product": {
"name": "Cloud Function Framework",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Cloud Function versions 5.0.x ant\u00e9rieures \u00e0 5.0.2",
"product": {
"name": "Cloud Function Framework",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Spring versions 1.1.x ant\u00e9rieures \u00e0 1.1.6",
"product": {
"name": "Spring AI",
"vendor": {
"name": "Spring",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-40989",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40989"
},
{
"name": "CVE-2026-41705",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41705"
},
{
"name": "CVE-2026-41713",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41713"
},
{
"name": "CVE-2026-41712",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41712"
},
{
"name": "CVE-2026-40990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40990"
}
],
"initial_release_date": "2026-05-11T00:00:00",
"last_revision_date": "2026-05-11T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0554",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-05-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Spring. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Spring",
"vendor_advisories": [
{
"published_at": "2026-05-08",
"title": "Bulletin de s\u00e9curit\u00e9 Spring cve-2026-41712",
"url": "https://spring.io/security/cve-2026-41712"
},
{
"published_at": "2026-05-08",
"title": "Bulletin de s\u00e9curit\u00e9 Spring cve-2026-40990",
"url": "https://spring.io/security/cve-2026-40990"
},
{
"published_at": "2026-05-08",
"title": "Bulletin de s\u00e9curit\u00e9 Spring cve-2026-41705",
"url": "https://spring.io/security/cve-2026-41705"
},
{
"published_at": "2026-05-08",
"title": "Bulletin de s\u00e9curit\u00e9 Spring cve-2026-41713",
"url": "https://spring.io/security/cve-2026-41713"
},
{
"published_at": "2026-05-08",
"title": "Bulletin de s\u00e9curit\u00e9 Spring cve-2026-40989",
"url": "https://spring.io/security/cve-2026-40989"
}
]
}
CERTFR-2024-AVI-0507
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilités a été découverte dans Spring Cloud Function. Elle permet à un attaquant de provoquer un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Spring | Cloud Function Framework | Cloud Function Framework versions 4.0.x antérieures à 4.0.8 | ||
| Spring | Cloud Function Framework | Cloud Function Framework versions 4.1.x antérieures à 4.1.2 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cloud Function Framework versions 4.0.x ant\u00e9rieures \u00e0 4.0.8",
"product": {
"name": "Cloud Function Framework",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Cloud Function Framework versions 4.1.x ant\u00e9rieures \u00e0 4.1.2",
"product": {
"name": "Cloud Function Framework",
"vendor": {
"name": "Spring",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-22271",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22271"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0507",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-06-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9s a \u00e9t\u00e9 d\u00e9couverte dans Spring Cloud Function. Elle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
"title": "Vuln\u00e9rabilit\u00e9 dans Spring Cloud Function",
"vendor_advisories": [
{
"published_at": "2024-06-19",
"title": "Bulletin de s\u00e9curit\u00e9 Spring cve-2024-22271",
"url": "https://spring.io/security/cve-2024-22271"
}
]
}