ALASTOMCAT9-2023-004

Related Vulnerabilities: CVE-2022-22965  

Amazon Linux 2 Security Advisory: ALASTOMCAT9-2023-004
Advisory Release Date: 2023-08-21 20:58 Pacific
Advisory Updated Date: 2023-09-25 21:57 Pacific
Severity: Important

Issue Overview:

A flaw was found in Spring Framework, specifically within two modules called Spring MVC and Spring WebFlux (transitively affected from Spring Beans), using parameter data binding. This flaw allows an attacker to pass specially constructed malicious requests to certain parameters and possibly gain access to normally restricted functionality within the Java Virtual Machine. (CVE-2022-22965)


Affected Packages:

tomcat


Issue Correction:
Run yum update tomcat to update your system.

New Packages:
noarch:
    tomcat-9.0.65-1.amzn2.0.1.noarch
    tomcat-admin-webapps-9.0.65-1.amzn2.0.1.noarch
    tomcat-docs-webapp-9.0.65-1.amzn2.0.1.noarch
    tomcat-jsvc-9.0.65-1.amzn2.0.1.noarch
    tomcat-jsp-2.3-api-9.0.65-1.amzn2.0.1.noarch
    tomcat-lib-9.0.65-1.amzn2.0.1.noarch
    tomcat-servlet-4.0-api-9.0.65-1.amzn2.0.1.noarch
    tomcat-el-3.0-api-9.0.65-1.amzn2.0.1.noarch
    tomcat-webapps-9.0.65-1.amzn2.0.1.noarch

src:
    tomcat-9.0.65-1.amzn2.0.1.src
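
A post-update check, added here as an example and not part of the advisory: it reports any package from the list above that is still below 9.0.65-1.amzn2.0.1. The function names, the sample inventory and the use of GNU `sort -V` as a stand-in for RPM version comparison are assumptions.

```shell
#!/bin/sh
# Added example, not part of the advisory.
# Fixed version-release, taken from the advisory's "New Packages" list.
FIXED_EVR="9.0.65-1.amzn2.0.1"

# evr_at_least_fixed EVR -> exit status 0 if EVR >= FIXED_EVR.
# Assumption: GNU `sort -V` ordering matches RPM ordering for these
# simple strings (no epoch, no tilde or caret).
evr_at_least_fixed() {
    lowest=$(printf '%s\n%s\n' "$FIXED_EVR" "$1" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED_EVR" ]
}

# audit_tomcat: reads "name version-release" lines on stdin and prints
# the advisory's packages that are still below the fixed build.
audit_tomcat() {
    while read -r name evr; do
        case "$name" in
            tomcat|tomcat-admin-webapps|tomcat-docs-webapp|tomcat-jsvc) ;;
            tomcat-jsp-2.3-api|tomcat-lib|tomcat-servlet-4.0-api) ;;
            tomcat-el-3.0-api|tomcat-webapps) ;;
            *) continue ;;   # not a package named in the advisory
        esac
        if ! evr_at_least_fixed "$evr"; then
            printf '%s %s\n' "$name" "$evr"
        fi
    done
}

# Constructed sample inventory (not taken from a real host).
sample_inventory() {
    cat <<'EOF'
tomcat 9.0.62-1.amzn2.0.2
tomcat-lib 9.0.62-1.amzn2.0.2
tomcat-el-3.0-api 9.0.65-1.amzn2.0.1
tomcat-webapps 9.0.71-1.amzn2.0.1
java-11-openjdk 11.0.20-1.amzn2
EOF
}

# Demo run on the sample; prints the two packages still below the fix.
sample_inventory | audit_tomcat

# On a real host, feed it the RPM database instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'tomcat*' | audit_tomcat
```

Empty output means every listed package that is installed is at or above the fixed build.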