Home
MEDIUM: 5.7 CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:HDefault status
unaffected
3.2.0 (custom) before 3.2.16
affected
4.1.0 (custom) before 4.1.10
affected
4.2.0 (custom) before 4.2.6
affected
4.3.0 (custom) before 4.3.3
affected
5.0.0 (custom) before 5.0.2
affected
Description
Under infinite recursion in the routing layer, request-handling can cause OOM error. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Function 4.1.x: versions prior to 4.1.10 Spring Cloud Function 4.2.x: versions prior to 4.2.6 Spring Cloud Function 4.3.x: versions prior to 4.3.3 Spring Cloud Function 5.0.x: versions prior to 5.0.2 Older, unsupported versions are also affected.
Problem types
CWE-674 Uncontrolled Recursion
Product status
3.2.0 (custom) before 3.2.16
4.1.0 (custom) before 4.1.10
4.2.0 (custom) before 4.2.6
4.3.0 (custom) before 4.3.3
5.0.0 (custom) before 5.0.2
References
spring.io/security/cve-2026-40989