[MAVEN:GHSA-R4Q3-7G4Q-X89M] Spring Framework server Web DoS Vulnerability
Severity: High
Affected Packages: 2
Fixed Packages: 2
CVEs: 1
In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.
Specifically, an application is vulnerable when all of the following are true:
- the application uses Spring MVC
- Spring Security 6.1.6+ or 6.2.1+ is on the classpath
Typically, Spring Boot applications need the org.springframework.boot:spring-boot-starter-web and org.springframework.boot:spring-boot-starter-security dependencies to meet all conditions.
Package | Affected Version |
---|---|
pkg:maven/org.springframework/spring-core | < 6.0.15 |
pkg:maven/org.springframework/spring-core | >= 6.1.0, < 6.1.2 |
Package | Fixed Version |
---|---|
pkg:maven/org.springframework/spring-core | = 6.0.15 |
pkg:maven/org.springframework/spring-core | = 6.1.2 |
- ID: MAVEN:GHSA-R4Q3-7G4Q-X89M
- Severity: high
- URL: https://github.com/advisories/GHSA-r4q3-7g4q-x89m
- Published: 2024-01-22T15:30:23
- Modified: 2024-01-23T14:44:08
- Rights: Maven Security Team
Type | Package URL | Namespace | Name / Product | Version |
---|---|---|---|---|
Affected | pkg:maven/org.springframework/spring-core | org.springframework | spring-core | < 6.0.15 |
Fixed | pkg:maven/org.springframework/spring-core | org.springframework | spring-core | = 6.0.15 |
Affected | pkg:maven/org.springframework/spring-core | org.springframework | spring-core | >= 6.1.0, < 6.1.2 |
Fixed | pkg:maven/org.springframework/spring-core | org.springframework | spring-core | = 6.1.2 |