CVE-2023-20863

Published: 13/04/2023 Updated: 21/04/2023
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

In Spring Framework versions before 5.2.24, 5.3.27 and 6.0.8, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

Vulnerable Products

VMware Spring Framework

Vendor Advisories

Synopsis: Important: Red Hat Integration Camel for Spring Boot 3.18.3 Patch 1 security update
Type/Severity: Security Advisory: Important
Topic: A patch is now available for Camel for Spring Boot 3.18.3. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this u ...
Description: The MITRE CVE dictionary describes this issue as: In Spring Framework versions prior to 5.2.24 release+, 5.3.27+ and 6.0.8+, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition ...

GitHub Repositories

IB_tim12: Dependency check analyzed with OWASP. com.google.api-client: updated to 2.2.0. spring-boot-starter-data-jdbc: CVE-2023-20863 - it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. In our case, this part of the dependency isn't being used. spring-boot-starter-security: CVE-2023-20883 - there is pot ...