Published: 26/05/2023 Updated: 03/07/2023

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache.

Vulnerable Product	Search on Vulmon	Subscribe to Product
vmware spring boot

Synopsis Important: Red Hat Build of OptaPlanner 8380 for Quarkus 2138 security update Type/Severity Security Advisory: Important Topic Red Hat Build of OptaPlanner 8380 for Quarkus 2138 release and securityupdate is now available The purpose of this text-only errata is to inform you about the security issues fixedRed Hat Product Se ...

Synopsis Important: Red Hat Integration Camel for Spring Boot 3201 Patch 1 release security update Type/Severity Security Advisory: Important Topic Red Hat Integration Camel for Spring Boot 3201 Patch 1 release and security update is now availableRed Hat Product Security has rated this update as having an impact of Important A Common Vu ...

Synopsis Critical: Red Hat Fuse 712 release and security update Type/Severity Security Advisory: Critical Topic A minor version update (from 711 to 712) is now available for Red Hat Fuse The purpose of this text-only errata is to inform you about the security issues fixed in this releaseRed Hat Product Security has rated this update as h ...

Synopsis Important: Red Hat Process Automation Manager 7134 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat Process Automation ManagerRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which ...

Synopsis Important: Red Hat Integration Camel for Spring Boot 3183 Patch 2 release Type/Severity Security Advisory: Important Topic Camel for Spring Boot 3183 Patch 2 release and security update is now availableRed Hat Product Security has rated this update as having an impact of Important A Common Vulnerability Scoring System (CVSS) ba ...

IB_tim12 Dependency check analyzed with owasp comgoogleapi-client: Updated to 220 spring-boot-starter-data-jdbc: CVE-2023-20863 - it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition In our case, this part of dependency isn't being used spring-boot-starter-security: CVE-2023-20883 - there is pot

Certivus - Threat assessment using dependency check google-oauth-client-1312jar CVE-2021-22573 The vulnerability is that IDToken verifier does not verify if token is properly signed Signature verification makes sure that the token's payload comes from valid provider, not from someone else An attacker can provide a compromised token with custom payload The token will

CWE-400 https://spring.io/security/cve-2023-20883 https://security.netapp.com/advisory/ntap-20230703-0008/https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2023:4200

CVE-2023-20883

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect