PT-2023-4884 · Unknown+1 · Spring Framework+1

Published: 2023-04-13 · Updated: 2026-05-18 · CVE-2023-20863

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions
Spring Framework versions prior to 5.2.24
Spring Framework versions prior to 5.3.27
Spring Framework versions prior to 6.0.8

Description
The issue is related to errors in processing SpEL expressions. It is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. The exploitation of this issue may allow a remote attacker to execute arbitrary code.

Recommendations
For versions prior to 5.2.24, update to version 5.2.24 or later.
For versions prior to 5.3.27, update to version 5.3.27 or later.
For versions prior to 6.0.8, update to version 6.0.8 or later.

Fix

DoS

Resource Exhaustion

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

BDU:2023-05375
CLEANSTART-2026-SQ91016
CLEANSTART-2026-WK99982
CVE-2023-20863
GHSA-WXQC-PXW9-G2P8

Affected Products

Debian
Spring Framework