CVE-2024-22233

Published: 22/01/2024 Updated: 29/01/2024
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true:

* the application uses Spring MVC
* Spring Security 6.1.6+ or 6.2.1+ is on the classpath

Typically, Spring Boot applications need the org.springframework.boot:spring-boot-starter-web and org.springframework.boot:spring-boot-starter-security dependencies to meet all conditions.

Vulnerable Product

vmware spring framework 6.1.2

vmware spring framework 6.0.15

Vendor Advisories

Description: A flaw was found in the Spring Framework. This issue may allow a remote user to provide specially crafted HTTP requests, leading the application to a Denial of Service (DoS). An application may be considered vulnerable if it meets both conditions: The application uses Spring MVC and Spring Security versions 6.1.6, 6.2.1, or ab ...