[MAVEN:GHSA-R4Q3-7G4Q-X89M] Spring Framework server Web DoS Vulnerability

Severity High
Affected Packages 2
Fixed Packages 2
CVEs 1

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.

Specifically, an application is vulnerable when all of the following are true:

  • the application uses Spring MVC
  • Spring Security 6.1.6+ or 6.2.1+ is on the classpath

Typically, Spring Boot applications need the org.springframework.boot:spring-boot-starter-web and org.springframework.boot:spring-boot-starter-security dependencies to meet all conditions.
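The three conditions above can be checked mechanically against a resolved dependency tree. The following is an added example, not code from the advisory or from the Spring project: it parses the `group:artifact:jar:version:scope` lines that `mvn dependency:list` prints, treats the presence of `spring-webmvc` as the proxy for "uses Spring MVC" (an assumption; an application can depend on it without exposing MVC endpoints), and applies the Spring Security version condition as stated. The sample dependency list and the Spring Boot coordinates in it are constructed for the example.

```python
import re

# Constructed sample of `mvn dependency:list` output; the coordinates are
# illustrative and chosen so that all three advisory conditions are met.
SAMPLE_DEPENDENCY_LIST = """\
[INFO] The following files have been resolved:
[INFO]    org.springframework:spring-core:jar:6.1.2:compile
[INFO]    org.springframework:spring-webmvc:jar:6.1.2:compile
[INFO]    org.springframework.security:spring-security-web:jar:6.2.1:compile
[INFO]    org.springframework.security:spring-security-config:jar:6.2.1:compile
[INFO]    org.springframework.boot:spring-boot-starter-web:jar:3.2.1:compile
"""

# spring-core versions named in the advisory text, mapped to the upgrade
# target Spring published for each line.
AFFECTED_SPRING_CORE = {"6.0.15": "6.0.16", "6.1.2": "6.1.3"}

# groupId:artifactId:jar:version:scope, the usual shape of a dependency:list line.
DEP_RE = re.compile(r"^\[INFO\]\s+([\w.\-]+):([\w.\-]+):jar:([\w.\-]+):\w+")


def parse_version(version: str) -> tuple:
    """Numeric components of a version for comparison: '6.1.2' -> (6, 1, 2).
    Parsing stops at the first non-numeric piece, so '6.1.3-SNAPSHOT' -> (6, 1, 3)."""
    parts = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def parse_dependency_list(text: str) -> dict:
    """Map (groupId, artifactId) -> version string for every resolved jar."""
    deps = {}
    for line in text.splitlines():
        m = DEP_RE.match(line)
        if m:
            group, artifact, version = m.group(1, 2, 3)
            deps[(group, artifact)] = version
    return deps


def security_version_triggers(version: str) -> bool:
    """Spring Security 6.1.6+ within the 6.1 line, or 6.2.1+, as the advisory states."""
    v = parse_version(version)
    return (6, 1, 6) <= v < (6, 2, 0) or v >= (6, 2, 1)


def assess(dependency_list: str) -> dict:
    """Apply the advisory's conditions to a resolved dependency list and report
    whether all of them hold and which spring-core version removes the issue."""
    deps = parse_dependency_list(dependency_list)
    core = deps.get(("org.springframework", "spring-core"))
    # Assumption: spring-webmvc on the classpath stands in for "uses Spring MVC".
    uses_mvc = ("org.springframework", "spring-webmvc") in deps
    security_hit = any(
        group == "org.springframework.security" and security_version_triggers(ver)
        for (group, _artifact), ver in deps.items()
    )
    vulnerable = core in AFFECTED_SPRING_CORE and uses_mvc and security_hit
    return {
        "spring_core": core,
        "uses_mvc": uses_mvc,
        "security_triggers": security_hit,
        "vulnerable": vulnerable,
        "upgrade_to": AFFECTED_SPRING_CORE.get(core) if vulnerable else None,
    }


if __name__ == "__main__":
    print(assess(SAMPLE_DEPENDENCY_LIST))
```

Feed it the real output of `mvn dependency:list` (or the equivalent Gradle listing, after adjusting `DEP_RE`) rather than the pom alone: the affected versions arrive transitively through the Spring Boot starters, so only the resolved tree tells you which spring-core actually ships.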

ID
MAVEN:GHSA-R4Q3-7G4Q-X89M
Severity
high
URL
https://github.com/advisories/GHSA-r4q3-7g4q-x89m
Published
2024-01-22T15:30:23
Modified
2024-01-23T14:44:08
Rights
Maven Security Team
Type      Package URL                                  Namespace            Name / Product   Version
Affected  pkg:maven/org.springframework/spring-core    org.springframework  spring-core      = 6.0.15
Fixed     pkg:maven/org.springframework/spring-core    org.springframework  spring-core      = 6.0.16
Affected  pkg:maven/org.springframework/spring-core    org.springframework  spring-core      = 6.1.2
Fixed     pkg:maven/org.springframework/spring-core    org.springframework  spring-core      = 6.1.3

Only the two spring-core releases named in the description are affected; 6.0.x users should move to 6.0.16 and 6.1.x users to 6.1.3.