Home
MEDIUM: 5.7 CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:HDefault status
unaffected
3.2.0 (custom) before 3.2.16
affected
4.1.0 (custom) before 4.1.10
affected
4.2.0 (custom) before 4.2.6
affected
4.3.0 (custom) before 4.3.3
affected
5.0.0 (custom) before 5.0.2
affected
Description
OOM error is possible while attempting to add infinite amount of functions to Function Registry. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Function 4.1.x: versions prior to 4.1.10 Spring Cloud Function 4.2.x: versions prior to 4.2.6 Spring Cloud Function 4.3.x: versions prior to 4.3.3 Spring Cloud Function 5.0.x: versions prior to 5.0.2 Older, unsupported versions are also affected.
Problem types
CWE-770 Allocation of Resources Without Limits or Throttling
Product status
3.2.0 (custom) before 3.2.16
4.1.0 (custom) before 4.1.10
4.2.0 (custom) before 4.2.6
4.3.0 (custom) before 4.3.3
5.0.0 (custom) before 5.0.2
References
spring.io/security/cve-2026-40990