Spring · Spring Framework · CVE-2024-38808
Name of the Vulnerable Software and Affected Versions:
Spring Framework versions 5.3.0 through 5.3.38
Spring Framework older unsupported versions
Description:
The issue lies in the Spring Expression Language (SpEL) component of Spring Framework. A user can supply a specially crafted SpEL expression that causes a denial of service (DoS) condition. An application is vulnerable when it evaluates user-supplied SpEL expressions.
Recommendations:
For Spring Framework versions 5.3.0 through 5.3.38, upgrade to a newer version that contains the fix to mitigate the risk.
For Spring Framework older unsupported versions, there is no information about a newer version that contains a fix for this vulnerability.
As a temporary workaround, restrict the evaluation of user-supplied SpEL expressions, so that untrusted input is not passed to the SpEL parser, to minimize the risk of exploitation.
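The following is an added example, not code from the advisory or from the Spring project, showing what "restricting the evaluation of user-supplied SpEL expressions" looks like in practice. The first method is the vulnerable pattern (a raw request string parsed and evaluated as SpEL); the second makes user input an opaque key into a fixed set of application-authored expressions, so attacker-controlled text never reaches the parser. The class names, the `Order` root object and the allow-list contents are constructed for illustration; the `SimpleEvaluationContext` line is general defense in depth and is not something this advisory specifically calls for.

```java
// Added example (not the advisory's or Spring's own code).
// Contrasts parsing a raw user string as SpEL with an allow-listed design in
// which the parser only ever sees expressions written by the application.
import java.util.Map;
import org.springframework.expression.Expression;
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.SimpleEvaluationContext;

public class SpelEvaluationExample {

    // Constructed root object: the data the expressions read.
    public static class Order {
        private final String customer;
        private final int quantity;
        private final double unitPrice;

        public Order(String customer, int quantity, double unitPrice) {
            this.customer = customer;
            this.quantity = quantity;
            this.unitPrice = unitPrice;
        }

        public String getCustomer() { return customer; }
        public int getQuantity() { return quantity; }
        public double getUnitPrice() { return unitPrice; }
    }

    private static final ExpressionParser PARSER = new SpelExpressionParser();

    // VULNERABLE PATTERN: the request parameter is handed straight to the SpEL
    // parser and evaluated, which is exactly the condition the advisory names
    // ("evaluates user-supplied SpEL expressions").
    public static Object evaluateUntrusted(String userExpression, Order order) {
        Expression expr = PARSER.parseExpression(userExpression);
        return expr.getValue(order);
    }

    // RESTRICTED PATTERN: user input is a key, not an expression. Only these
    // reviewed expressions are ever parsed, and they are parsed once at class
    // load rather than per request. (Keys and expressions are constructed.)
    private static final Map<String, Expression> ALLOWED = Map.of(
        "customer", PARSER.parseExpression("customer"),
        "total",    PARSER.parseExpression("quantity * unitPrice"),
        "bulk",     PARSER.parseExpression("quantity >= 100")
    );

    public static Object evaluateAllowListed(String key, Order order) {
        Expression expr = ALLOWED.get(key);
        if (expr == null) {
            // Anything that is not a known key is rejected before any parsing.
            throw new IllegalArgumentException("unknown expression key: " + key);
        }
        // Defense in depth, independent of this CVE: a read-only data-binding
        // context exposes property reads on the root object only, with no
        // method invocation, type references or bean references.
        SimpleEvaluationContext ctx =
            SimpleEvaluationContext.forReadOnlyDataBinding().build();
        return expr.getValue(ctx, order);
    }

    public static void main(String[] args) {
        Order order = new Order("acme", 120, 9.5);
        System.out.println("total = " + evaluateAllowListed("total", order));
        System.out.println("bulk  = " + evaluateAllowListed("bulk", order));
        try {
            // Raw expression text is not a key, so it is rejected unparsed.
            evaluateAllowListed("quantity * unitPrice", order);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The key design point is that `evaluateAllowListed` never calls `parseExpression` on request data; the only strings that reach the parser are the constants in `ALLOWED`. Where an application genuinely cannot avoid evaluating free-form input, the advisory's guidance is to upgrade rather than to rely on context restrictions alone.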