CVE-2023-34053

CVSS v3.1 7.5 (High)
EPSS 0.05 % (17th)

In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.

Specifically, an application is vulnerable when all of the following are true:

  • the application uses Spring MVC or Spring WebFlux
  • io.micrometer:micrometer-core is on the classpath
  • an ObservationRegistry is configured in the application to record observations

Typically, Spring Boot applications need the org.springframework.boot:spring-boot-actuator dependency to meet all conditions.

Weaknesses
CWE-NVD-noinfo
CVE Status
PUBLISHED
CNA
VMware
Published Date
2023-11-28 09:15:06
(9 months ago)
Updated Date
2023-12-14 10:15:07
(9 months ago)

Affected Products


Configuration #1

Product: VMware Spring Framework, from version 6.0.0 and prior to version 6.0.14
CPE23: cpe:2.3:a:vmware:spring_framework
From: >= 6.0.0
Up To: < 6.0.14