Spring · Spring Framework · CVE-2024-22233
**Name of the Vulnerable Software and Affected Versions**
Spring Framework versions 6.0.15 and 6.1.2
**Description**
The issue is an uncontrolled resource consumption vulnerability in the Spring Framework: specially crafted HTTP requests can exhaust server resources and cause a denial-of-service (DoS) condition. Only applications that use Spring MVC and have Spring Security 6.1.6+ or 6.2.1+ on the classpath are affected. Over 35,000 services and approximately 1,064,276 results, mainly distributed in China and the United States, are potentially affected.
**Recommendations**
For Spring Framework versions 6.0.15 and 6.1.2, consider disabling the vulnerable component or restricting access to the application until a patch is available. As a temporary workaround, restrict the use of the `org.springframework.boot:spring-boot-starter-web` and `org.springframework.boot:spring-boot-starter-security` dependencies to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
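Because the advisory's affected condition is a conjunction (Spring MVC present, Spring Framework 6.0.15 or 6.1.2, and Spring Security 6.1.6+ or 6.2.1+ on the classpath), a quick way to triage a build is to check the resolved dependency list against all three at once. The following script is an added example, not part of the advisory; it assumes the `[INFO]    groupId:artifactId:type:version:scope` line format printed by `mvn dependency:list`, and the sample lines are constructed, not from a real build.

```python
import re
from typing import Iterable

# Affected Spring Framework releases named in the advisory.
AFFECTED_FRAMEWORK = {"6.0.15", "6.1.2"}

# One resolved dependency per line, as printed by `mvn dependency:list`:
# "[INFO]    groupId:artifactId:type:version:scope"
DEP_RE = re.compile(r"^\[INFO\]\s+([\w.\-]+):([\w.\-]+):[\w\-]+:([\w.\-]+):(\w+)")


def parse_version(v: str) -> tuple:
    """Return (major, minor, patch) for a dotted version such as '6.2.1'."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", v)
    return tuple(int(x) for x in m.groups()) if m else (0, 0, 0)


def security_triggers(version: str) -> bool:
    """Spring Security 6.1.6+ or 6.2.1+ per the advisory (6.2.0 is in neither range)."""
    t = parse_version(version)
    return t >= (6, 1, 6) and t != (6, 2, 0)


def assess(lines: Iterable[str]) -> dict:
    """Report whether the resolved classpath matches the advisory's affected condition."""
    found = {"framework": set(), "security": set(), "webmvc": False}
    for line in lines:
        m = DEP_RE.match(line)
        if not m:
            continue
        group, artifact, version, _scope = m.groups()
        if group == "org.springframework":
            found["framework"].add(version)
            if artifact == "spring-webmvc":  # Spring MVC on the classpath
                found["webmvc"] = True
        elif group == "org.springframework.security":
            found["security"].add(version)
    affected = (
        found["webmvc"]
        and bool(found["framework"] & AFFECTED_FRAMEWORK)
        and any(security_triggers(v) for v in found["security"])
    )
    return {**found, "affected": affected}


# Constructed sample output (hypothetical build), not from a real project.
SAMPLE = """\
[INFO] The following files have been resolved:
[INFO]    org.springframework:spring-webmvc:jar:6.1.2:compile
[INFO]    org.springframework:spring-web:jar:6.1.2:compile
[INFO]    org.springframework.security:spring-security-web:jar:6.2.1:compile
[INFO]    org.springframework.boot:spring-boot-starter-web:jar:3.2.1:compile
""".splitlines()

if __name__ == "__main__":
    print(assess(SAMPLE))  # affected: True for the sample above
```

Pipe real output in with `mvn dependency:list | python3 check.py` after replacing `SAMPLE` with `sys.stdin`; a build that matches only one or two of the three conditions is reported as not affected.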