PT-2023-4884 · Unknown+1 · Spring Framework+1

Published: 2023-04-13 · Updated: 2026-05-18 · CVE-2023-20863

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

Spring Framework versions prior to 5.2.24
Spring Framework versions prior to 5.3.27
Spring Framework versions prior to 6.0.8

Description

The issue is related to errors in processing SpEL expressions. A user can provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. Exploitation of this issue may allow a remote attacker to execute arbitrary code.

Recommendations

For versions prior to 5.2.24, update to version 5.2.24 or later.
For versions prior to 5.3.27, update to version 5.3.27 or later.
For versions prior to 6.0.8, update to version 6.0.8 or later.

Fix

Weakness Enumeration

DoS
Resource Exhaustion
Allocation of Resources Without Limits

Related Identifiers

BDU:2023-05375
CLEANSTART-2026-SQ91016
CLEANSTART-2026-WK99982
CVE-2023-20863
GHSA-WXQC-PXW9-G2P8

Affected Products

Debian
Spring Framework