Delphix Products

 View Only

Delphix Response to Recent News about Spring Framework Denial of Service Vulnerability

By Chris Price posted 05-26-2022 05:58:49 PM


We are aware of the recently reported denial of service (DoS) vulnerability in Spring Framework, reported as CVE-2022-22950. This vulnerability is only realized in cases where the Spring Expressions Language (SpEL) is in use (see both the announcement from and the analysis from Checkmarx).  Delphix products do not make use of SpEL and are not impacted by this vulnerability.


  • There is no impact to either the Delphix Virtualization (Continuous Data) engine or the Delphix Masking (Continuous Compliance) Engine.
  • There is no impact to Data Control Tower (DCT) SaaS.
  • There is no impact to Data Control Tower (DCT) Multi Cloud.