PT-2023-2099 · Spring · Spring Framework
Published 2023-03-23 · Updated 2026-05-18 · CVE-2023-20861
CVSS v2.0: 6.8 (Medium)
| Vector | AV:N/AC:L/Au:S/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Spring Framework versions 5.2.0.RELEASE through 5.2.22.RELEASE
Spring Framework versions 5.3.0 through 5.3.25
Spring Framework versions 6.0.0 through 6.0.6
Description
The vulnerability stems from allocation of resources without limits in the Spring Framework's handling of SpEL expressions: a remote attacker who supplies specially crafted SpEL expressions can exhaust resources and cause a denial-of-service (DoS) condition.
Recommendations
For Spring Framework versions 5.2.0.RELEASE through 5.2.22.RELEASE, upgrade to a release outside this range to resolve the issue.
For Spring Framework versions 5.3.0 through 5.3.25, upgrade to a release outside this range to resolve the issue.
For Spring Framework versions 6.0.0 through 6.0.6, upgrade to a release outside this range to resolve the issue.
Fix
DoS
Allocation of Resources Without Limits
Resource Exhaustion
Related Identifiers
Affected Products
Debian
Spring Framework