Applications that evaluate user-supplied Spring Expression Language (SpEL) expressions are vulnerable to an Algorithmic Denial of Service (DoS). By providing a specially crafted expression, an attacker can trigger excessive resource consumption during evaluation, leading to application degradation or unavailability. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HVMware Spring Framework
APPVmware5.3.0 – 5.3.49 (bez)6.1.0 – 6.1.28 (bez)6.2.0 – 6.2.19 (bez)7.0.0 – 7.0.8 (bez)
Related vulnerabilities
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) ...
An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a cr...
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for...
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions,...
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions,...